General

  • Target

    72FB0D0A7B5D1DB1E4A08668C7599AB47D8667765F0D7152BACE890AF725445D

  • Size

    1.0MB

  • Sample

    250103-jpe9hsvlb1

  • MD5

    31de769f543026827f7f0ae67ecd1607

  • SHA1

    97ce538bf5fcfbf6296f2f4e3cd308f7b64bb8fe

  • SHA256

    72fb0d0a7b5d1db1e4a08668c7599ab47d8667765f0d7152bace890af725445d

  • SHA512

    3351f9a948244e18b6d5454eb7099027a803338fd67abff522594143d2b4c1a2defc4bf7b42943c7d434dade06a541488acfb22647184b9edcd0670c8ec7c1b6

  • SSDEEP

    24576:m4lavt0LkLL9IMixoEgealHZksrOjFw3tlzGEIkq9MmCS:xkwkn9IMHealHOsrOjatl/aPCS

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
