General

  • Target

    9af845b97c1682091cfafe6b2186821883bd912cc3113e4dfafb0ca0f72206cc.exe

  • Size

    693KB

  • Sample

    241210-dqmr4a1rdy

  • MD5

    950c269ffc596bb167ba627631af0f50

  • SHA1

    f784fd1a3a31f92091927fac47f2835475ad8002

  • SHA256

    9af845b97c1682091cfafe6b2186821883bd912cc3113e4dfafb0ca0f72206cc

  • SHA512

    859b526215512aec5710b40b7a7f85da19d912705639652e9048b9ac35e5fe8cbc87e4a91e6fd3bc576d1ca7838167f3887aaebdb2a8668a305dde4404de7f7b

  • SSDEEP

    12288:v63HI6tYy3xQkAJDIAMVFkVsnnT13XsZ18iN8IQauhfgERtyz/bwkF9Sk+fmzWbd:v0HI4YyakAo+sJX0RNbGFiz/bN/Sk+fR

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks