General

  • Target

    855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe

  • Size

    1.0MB

  • Sample

    241210-dltpva1qc1

  • MD5

    ca3706dd6a93c5928ee3252054a7ec74

  • SHA1

    402c4c006bf0e4d7afec7687f6033dccf11c6aa1

  • SHA256

    855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e

  • SHA512

    e83540a28bb8b6a014d40cc66842b0c045e712f894df967ade6939461120f61a9580c85c3915aa8103c4faa40077a26d9e9dbecfc7086a9529105c2e409b048d

  • SSDEEP

    24576:Ij+EfvosO3Hx7JwmNG3Ap137dboaPjyMi76Kb0:Y+MvpoOt3IRM+i76f

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      855acbd89e8548eaaa06d25d0c767f6a1d550afd766c145d04a3fbc2eae6b80e.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was discovered in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks