General

  • Target

    96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe

  • Size

    1.1MB

  • Sample

    240820-vbnjhswhql

  • MD5

    8ab89c59c8fda81159ae27eaf35dd684

  • SHA1

    aaadcdafc21a5f2a4a22e679ec87125928e299bd

  • SHA256

    96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419

  • SHA512

    9af7f0b9a3209f296bdec04ddbc41cc7ecd5ae4136e13e64ec1025d5acebbe04040f243cfd5098ce87acb58ac4e50d322d53a448a05fcfc3f293ae00967b2f41

  • SSDEEP

    24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8azSFN:hTvC/MTQYxsWR7azSF

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • Target

      96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks