General
-
Target
299371485_14108825808_1736351479899.exe
-
Size
735KB
-
Sample
250122-kpv6eayman
-
MD5
a707e0ef919ba6b9d670ffdd32f1d4a4
-
SHA1
babe62daf8b14c67a1a31b75f282a05b5189fe61
-
SHA256
f0e65a838c01e4741493c605aab2232854d22a14d913374a2c61f083b35d7aa7
-
SHA512
0368b866aa2485e336124420a2366318d493220888071a8def40183bf79b57cde6a3c48b7a68371c07c1b0a62355f771b4331bd8d07c9f0a6ed7260c8d28b38c
-
SSDEEP
12288:aCWa+tvqExKLeKKJ/QAAYmBwqbthdeCju8hzBQ6eIuopP3n688m028L7f:2t9k8SAHmyqBiCS8heWvhX6xiaf
Static task
static1
Behavioral task
behavioral1
Sample
299371485_14108825808_1736351479899.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
299371485_14108825808_1736351479899.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
Targets
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was found in 2020.
-
Vipkeylogger family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 2
Credentials In Files: 2