General

  • Target

    11122024_0100_Fizetés27794777_2024_pdf.exe.iso

  • Size

    1.6MB

  • Sample

    241211-bc4scasncq

  • MD5

    09478902ed90a848a48814529a219dd1

  • SHA1

    47812866ac4c0e3b2291976175ec43ca4cc00380

  • SHA256

    e43c4489148ac5ae3bd8d71a78121d03225c222b26f58a8017260ebea5b1a851

  • SHA512

    7b21ae75e8b51a274e947bdbb697fe422f9af45b1ffa38ecc1377c622c8f65b0b0cfbbb09f562fa317378759061666b600291830abcea08058860dd410536ed7

  • SSDEEP

    24576:Ru6J33O0c+JY5UZ+XC0kGso6FaMfK9xH1g8FWY:Du0c++OCvkGs9FaMfK9xVUY

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Fizetés27794777_2024_pdf.exe

    • Size

      1016KB

    • MD5

      60a3ebd74f95ca762c400b77a6356216

    • SHA1

      0cb5d79033bc60f432400bc886ed90e71a5c89ae

    • SHA256

      6867e4527b256c95fc4f907e3d978b3d005ee8cd068696668860e9115d831664

    • SHA512

      29ea7a1b02ffd5acf2443889d60f303515caea9d093afc850d6e43fa3be87cf81fd5e858fcec35dde7d4d92fa158a0f96d1557a0fd4aea94a6782d608def6b26

    • SSDEEP

      24576:Mu6J33O0c+JY5UZ+XC0kGso6FaMfK9xH1g8FWY:Wu0c++OCvkGs9FaMfK9xVUY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
