General

  • Target

    bbbe993804cbc190fa9d492111069c1b406ac213bd5178170d1b817a3a39a48d

  • Size

    1.0MB

  • Sample

    241212-dpc69sylfw

  • MD5

    73ac874af91f6dd0afbf0f1c577e87e2

  • SHA1

    b8168049435eac7d0ee05941655d17c1f8ad67dc

  • SHA256

    bbbe993804cbc190fa9d492111069c1b406ac213bd5178170d1b817a3a39a48d

  • SHA512

    75b0f069308939d8d7007d714b00a19a7346fa9477386ecbf0eea50d5908cf4edfcb88e8f418cd434be06c3f8b686f584df1d156d6ef1214e40cbdd4c020156b

  • SSDEEP

    24576:nu6J33O0c+JY5UZ+XC0kGso6Fa74XEnkWY:hu0c++OCvkGs9Fa7kEnY

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      bbbe993804cbc190fa9d492111069c1b406ac213bd5178170d1b817a3a39a48d

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
