General

  • Target

    11122024_0637_Потврда-0794111224-jpg.exe.iso

  • Size

    1.6MB

  • Sample

    241211-hdtr4a1nay

  • MD5

    bab0230f579b3c0b402085a45a271ebc

  • SHA1

    ba5b52f9ff62f27c255e252398d23be6264f5eb3

  • SHA256

    cc59e672814aa14d61d44fb6eaeb68502bbdc94f6fe45545ef439a8102e130d3

  • SHA512

    51530dbef144196d8b672d6e50ed208f0320824764e7cf23354b7f325b421fc6de771b2adccf231482d2313f289da11a4622f23df00cc2d53fb854d6fe20879a

  • SSDEEP

    24576:/u6J33O0c+JY5UZ+XC0kGso6Fa5ivMkhWY:Ju0c++OCvkGs9Fa5jY

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Потврда-0794111224,jpg.exe

    • Size

      1.1MB

    • MD5

      8b920dc356ed1b1793dcfe00199caa2d

    • SHA1

      daa2eff7c6c782d70734d69246d0e08511b00dc8

    • SHA256

      78cda513bfe7c617e33922c71d93101f76dfaa4d8da9cdd83cfc41ccc1d36ab2

    • SHA512

      5530849739093e8b344be074969f02a737fd5a275b1b22d8c59a0b6ed5eebc895d5a815908f94d381fc302a3d3e919aeee2ab05b8db593f9631382df2bd2f3c8

    • SSDEEP

      24576:ou6J33O0c+JY5UZ+XC0kGso6Fa5ivMkhWY:Cu0c++OCvkGs9Fa5jY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
