General

  • Target

    299371485_14108825808_1736351479899.exe

  • Size

    735KB

  • Sample

    250122-kpv6eayman

  • MD5

    a707e0ef919ba6b9d670ffdd32f1d4a4

  • SHA1

    babe62daf8b14c67a1a31b75f282a05b5189fe61

  • SHA256

    f0e65a838c01e4741493c605aab2232854d22a14d913374a2c61f083b35d7aa7

  • SHA512

    0368b866aa2485e336124420a2366318d493220888071a8def40183bf79b57cde6a3c48b7a68371c07c1b0a62355f771b4331bd8d07c9f0a6ed7260c8d28b38c

  • SSDEEP

    12288:aCWa+tvqExKLeKKJ/QAAYmBwqbthdeCju8hzBQ6eIuopP3n688m028L7f:2t9k8SAHmyqBiCS8heWvhX6xiaf

Malware Config

Extracted

Family

vipkeylogger

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the malware's own files and processes are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence (refusing to run in certain countries).

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext
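
The "Command and Scripting Interpreter: PowerShell" signature above is the one most worth hunting for in your own telemetry, because the Defender exclusions outlive the process. The following is an added example, not code from the sandbox or from the sample: it scans PowerShell script-block text (the ScriptBlockText field of Microsoft-Windows-PowerShell/Operational Event ID 4104) for Add-MpPreference / Set-MpPreference calls that set exclusions, and handles what defeats a naive grep: case-insensitive names, PowerShell's unique-prefix parameter abbreviation (-ExclusionExt is valid, -ExclusionP is rejected as ambiguous), quoted values with spaces, and comma-separated or @() lists. The script blocks in SAMPLE_SCRIPT_BLOCKS are constructed for the example and are not taken from this sample.

```python
"""Flag Windows Defender exclusion changes in PowerShell script-block text.

Added example for this report; not code from the sandbox or the sample.
Input: ScriptBlockText of Event ID 4104 records (constructed below).
"""
import re

# Exclusion parameters of Add-MpPreference / Set-MpPreference (Defender module).
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension",
                    "ExclusionProcess", "ExclusionIpAddress")

# One cmdlet invocation: everything up to the next statement separator or pipe.
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b([^;|\n]*)", re.I)
# Tokens: double-quoted string, single-quoted string, a bare comma, or a bare word.
TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|,|[^\s,]+')
PARAM_TOKEN_RE = re.compile(r"-[A-Za-z]\w*")

# Constructed 4104 script-block text, not taken from the sample.
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public", "C:\\ProgramData\\svc"',
    "add-mppreference -exclusionext exe,scr -ExclusionProc svchost.exe",
    "Set-MpPreference -ExclusionPath 'C:\\Windows\\Temp'; Start-Sleep 1",
    "Add-MpPreference -ExclusionP C:\\x",              # ambiguous prefix: PowerShell rejects it
    "Get-MpPreference | Select-Object ExclusionPath",  # read-only, must not fire
]


def resolve_param(name):
    """PowerShell accepts any unambiguous, case-insensitive prefix of a
    parameter name. Return the canonical exclusion parameter, or None if the
    prefix matches none or more than one (PowerShell errors on the latter)."""
    hits = [p for p in EXCLUSION_PARAMS if p.lower().startswith(name.lower())]
    return hits[0] if len(hits) == 1 else None


def find_defender_exclusions(script_text):
    """Return [{"cmdlet", "parameter", "values"}] for every exclusion set in script_text."""
    findings = []
    for m in CMDLET_RE.finditer(script_text):
        cmdlet = m.group(1).capitalize() + "-MpPreference"
        current, params = None, {}
        for tok in TOKEN_RE.findall(m.group(2)):
            if tok == ",":
                continue
            if PARAM_TOKEN_RE.fullmatch(tok):
                current = tok[1:]
                params.setdefault(current, [])
            elif current is not None:
                # Strip quotes and array syntax such as @('a','b'); drop leftovers like ')'.
                value = tok.lstrip("@(").rstrip(")").strip("\"'")
                if value:
                    params[current].append(value)
        for name, values in params.items():
            canon = resolve_param(name)
            if canon and values:
                findings.append({"cmdlet": cmdlet, "parameter": canon, "values": values})
    return findings


def scan_script_blocks(blocks):
    """Scan many script blocks; returns (block_index, finding) pairs."""
    return [(i, f) for i, b in enumerate(blocks) for f in find_defender_exclusions(b)]


if __name__ == "__main__":
    for i, f in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {i}: {f['cmdlet']} {f['parameter']} = {f['values']}")
```

Script-block logging must be enabled for 4104 events to exist at all. On a host you suspect, the current exclusion set can be read with Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess, and anything this scan flags that is still present should be removed with Remove-MpPreference, since deleting the sample does not undo the exclusions.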

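The "Looks up external IP address via web service" signature is a weak indicator on its own, because browsers and updaters make the same request; what makes it actionable is which process asks. The following is an added example, not code from the sandbox or the sample: it scans DNS telemetry (constructed lines in a Sysmon Event 22 style, flattened to one line per query) for queries to IP-echo services and raises the severity when the requesting image lives in a user-writable directory. The report does not say which lookup service the sample used, so IP_LOOKUP_SERVICES is an assumption (the entries are real, commonly abused services), and the image paths and timestamps are constructed.

```python
"""Flag external-IP lookups from suspicious processes in DNS telemetry.

Added example for this report; not code from the sandbox or the sample.
The service list is an assumption: the report names no specific service.
"""
import re

IP_LOOKUP_SERVICES = {
    "api.ipify.org", "checkip.dyndns.org", "checkip.amazonaws.com",
    "ip-api.com", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "myexternalip.com", "ipecho.net", "api.ip.sb", "whatismyipaddress.com",
}

# Directories an unprivileged user can write to. The same query from a browser
# under Program Files is usually benign; from here it matches infostealer
# behaviour and should be escalated.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Public|Downloads|ProgramData)\\", re.I)

# One flattened DNS event: image="<path>" query=<hostname>
LINE_RE = re.compile(r'image="(?P<image>[^"]*)"\s+query=(?P<query>\S+)')

# Constructed telemetry, not from the sandbox run.
SAMPLE_DNS_EVENTS = [
    r'2025-01-22T10:15:03Z pid=4212 image="C:\Users\user\AppData\Roaming\svchost.exe" query=checkip.dyndns.org',
    r'2025-01-22T10:15:04Z pid=1180 image="C:\Program Files\Mozilla Firefox\firefox.exe" query=ipinfo.io',
    r'2025-01-22T10:15:05Z pid=988 image="C:\Windows\System32\svchost.exe" query=www.msftconnecttest.com',
    r'2025-01-22T10:15:09Z pid=4212 image="C:\Users\user\AppData\Local\Temp\update.exe" query=API.IPIFY.ORG.',
    r'2025-01-22T10:15:10Z pid=4212 image="C:\Users\user\AppData\Local\Temp\update.exe" query=evil-ipinfo.io',
]


def is_ip_lookup_domain(host):
    """True for a listed service or any subdomain of it.
    Case-insensitive and tolerant of a trailing dot (fully qualified form);
    a look-alike such as evil-ipinfo.io does not match."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in IP_LOOKUP_SERVICES)


def flag_ip_lookups(lines):
    """Return [{"image", "query", "severity"}] for every lookup-service query."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not is_ip_lookup_domain(m.group("query")):
            continue
        image = m.group("image")
        findings.append({
            "image": image,
            "query": m.group("query"),
            "severity": "high" if USER_WRITABLE_RE.search(image) else "low",
        })
    return findings


if __name__ == "__main__":
    for f in flag_ip_lookups(SAMPLE_DNS_EVENTS):
        print(f"[{f['severity']}] {f['image']} -> {f['query']}")
```

Pair a high-severity hit with the process's parent and signer: an unsigned binary in AppData or Temp that resolves an IP-echo service shortly after start is the combination the signature above is describing, and the same process tree is where the Defender exclusion and the browser and mail-client file reads will appear.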