General

  • Target

    a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac.exe

  • Size

    903KB

  • Sample

    241218-dq66qssjhq

  • MD5

    c9007399358b2c71f94731c0dada3aae

  • SHA1

    52961d38410067be7256356aa18ee52051bef614

  • SHA256

    a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac

  • SHA512

    67b9d38ccc08b2acdc09df19ebed66a945f6a6854e1e5f9b3f1a73eef4a466abbb13fa52519c732445d6418c388adec2b9ee827100ff2caedd0958f95061bb77

  • SSDEEP

    12288:7Xcxx2t6G/sAgiXH5DybRcnygUUDJ3l0DbiLutNS3haM78EQMZxmfemFXHW65zu+:7X22t6whH1nXrLKvE3l8Et2F2YuriV

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac.exe


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles Snake Keylogger, a .NET stealer first seen in 2020, and captures keystrokes, clipboard contents and stored credentials before exfiltrating them.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile registry keys under the user's hive, where account settings and saved mail credentials are stored (credential theft).

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so an attached debugger receives no events for that thread (anti-debugging).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class on an existing thread; an attached debugger stops receiving events for it and the change cannot be reverted (anti-debugging).
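The "Looks up external IP address via web service" behaviour above is a cheap network-side detection for this family: a freshly dropped executable that is not a browser has little reason to ask a public IP-echo service for the host's address. The following is an added example, not part of the sandbox report or of VIPKeylogger itself; the report does not say which service the sample contacts, so the list of lookup hosts, the log format and the log lines are assumptions constructed for illustration.

```python
"""Flag non-browser processes that query a public external-IP lookup service.

Added example, not part of the sandbox report. The lookup-host list, the
proxy-log format and the log lines below are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Assumption: well-known IP-echo services commonly used by infostealers.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com",
    "ifconfig.me", "ipinfo.io", "checkip.amazonaws.com",
}
# Browsers visit these sites legitimately; suppress them to cut noise.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed log format: "<timestamp> <image path> <method> <url>" (no spaces in the path).
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<image>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


@dataclass(frozen=True)
class Hit:
    ts: str
    process: str
    host: str


def host_of(url: str) -> str:
    """Return the lower-cased host part of an http(s) URL, stripping any port."""
    m = re.match(r"^https?://([^/:?#]+)", url)
    return m.group(1).lower() if m else ""


def is_ip_lookup(host: str) -> bool:
    """True for a listed host or any subdomain of one."""
    return host in IP_LOOKUP_HOSTS or any(host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def scan(lines) -> list[Hit]:
    """Return one Hit per request to an IP-lookup host from a non-browser process."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the scan
        process = m["image"].rsplit("\\", 1)[-1].lower()
        host = host_of(m["url"])
        if is_ip_lookup(host) and process not in BROWSERS:
            hits.append(Hit(m["ts"], process, host))
    return hits


# Constructed sample traffic; the image name is the report's SHA256-named sample.
SAMPLE = "a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac.exe"
SAMPLE_LOG = [
    f"2024-12-18T03:41:02Z C:\\Users\\admin\\AppData\\Local\\Temp\\{SAMPLE} GET http://checkip.dyndns.org/",
    "2024-12-18T03:41:05Z C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\chrome.exe GET https://api.ipify.org/?format=json",
    f"2024-12-18T03:41:07Z C:\\Users\\admin\\AppData\\Local\\Temp\\{SAMPLE} GET https://www.microsoft.com/",
    f"2024-12-18T03:41:09Z C:\\Users\\admin\\AppData\\Local\\Temp\\{SAMPLE} GET http://ip-api.com:80/json",
    "this line is deliberately malformed",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.process} -> {hit.host}")
```

The browser allow-list is a heuristic, not a guarantee: a stealer injected into a browser process would slip through, so in production pair this with the process-ancestry and unsigned-binary context the sandbox provides rather than relying on the image name alone.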

MITRE ATT&CK Enterprise v15

Tasks