General

  • Target

    12122024_0027_11122024_Obraztsi.png.img

  • Size

    1.6MB

  • Sample

    241212-ar39patnhx

  • MD5

    d7800e1747da6be7851f2f212e7b6dcb

  • SHA1

    65a72782d8ae80b5e025f9dfb84b9f9b750aa057

  • SHA256

    cf63e6fa5b0612bd51965c5371857516e831cbd1ea8f5aefddcc51f4b926278a

  • SHA512

    b9354a63fbcab15a8f40d5b3172cd3295543051756f391e475431a6c8d2f09e7c1af3bc462ffa4a8678dd739f679bf362a229ce563818f7e0d4ef8aa789eb395

  • SSDEEP

    24576:Uu6J33O0c+JY5UZ+XC0kGso6FaS1dieGnses7ThWY:uu0c++OCvkGs9FaS1dX0mAY

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      SWIFT.exe

    • Size

      1.0MB

    • MD5

      a1e12d2c6554aba6dc559c70c6e73de4

    • SHA1

      c3efbc42b9216818cae4745be17f10a45d312b20

    • SHA256

      8268222de842c98e6109c0edb31d03ee82ef3df1f09dceaebf6d63818adc356e

    • SHA512

      6a2913655b66975cf92219f24906824224a127b08a4290dd57d9403802b7572a925169550e180c33e1779734935c5a2bbe661e75a199d7a0bfd0e3e23d019471

    • SSDEEP

      24576:Hu6J33O0c+JY5UZ+XC0kGso6FaS1dieGnses7ThWY:Bu0c++OCvkGs9FaS1dX0mAY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
