General

  • Target: 01691572fea435c657ac244e6afe7f6bc6d4c1441e7d1ea0479be5f8f3c7d8be

  • Size: 514KB

  • Sample: 241223-c8henavmbl

  • MD5: 793b763a317009cf663ef1db103b2887

  • SHA1: d95fde52d8442d444573ce294c9e2754035db474

  • SHA256: 01691572fea435c657ac244e6afe7f6bc6d4c1441e7d1ea0479be5f8f3c7d8be

  • SHA512: e2ca91062ada9bc59183aec015dacb2d6920e98b96e0de04006825fdbd712fbce08bebe113e9697366691be2a7d0506d9ae28e2c38a0c557fba6cc09e693090f

  • SSDEEP: 12288:5cftDFBM7bP8sWVvkmRPp+nyQTHVKSXbBEMSfgelvN/Fb:+fPBMnE7ccEXbtCvT

Malware Config

Extracted

  • Family: vipkeylogger

  • Credentials

Targets

    • Target: Order quantity#1200_2400_3600pcs.exe

    • Size: 819KB

    • MD5: 0cd1071e0f79705e1dc57e76bc1abbe5

    • SHA1: 2485e562e9bb0f234f21d176066a0c17670aaf25

    • SHA256: ed887c9d6b4326d2dde59eb42f1f8d0a6f274cfb690c1013f318a45aea5d3ac6

    • SHA512: 6073b0ababa1d92b341002c4a61ebd378b13cbe27ea115aa79581c06798c7837cc909a5d42cb92dafd187059d649693f2601d2342142101cec9f6aadc40c88d7

    • SSDEEP: 12288:0jvtDL3M7b58soVv4mRPrg5MCao3AiqLwgDK7Pw0W:0jvV3Mn2jgQo3A9L27Pw0W

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks