General

  • Target

    cf7c1cb71ad11a8c4ab07ffc3afa2f67.exe

  • Size

    707KB

  • Sample

    240822-h3slbsvbrg

  • MD5

    cf7c1cb71ad11a8c4ab07ffc3afa2f67

  • SHA1

    68c5f1c0e97237c4fff232e099353792b160df1a

  • SHA256

    6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9

  • SHA512

    997d7e6bcd9aa8ac33f6bb667edfe40efc522f47dd54284895b15736edb86052284409a3a6a9ab1c9e9066f507599a1824cf6a935849cb7346e2464c90ccb904

  • SSDEEP

    12288:PsHzOUNUSB/o5LsI1uwajJ5yvv1l22BFPP+W3hf/sgaEKs4+V51t35VXEjEzMWT4:eiUmSB/o5d1ubcvxhGmhf/sga6f5njXI

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7121690251:AAEuf5zFrwn6F6mTVPJTwU5P1nN1ULFLElA/sendMessage?chat_id=7071568333

Targets

    • Target

      cf7c1cb71ad11a8c4ab07ffc3afa2f67.exe

    • Size

      707KB

    • MD5

      cf7c1cb71ad11a8c4ab07ffc3afa2f67

    • SHA1

      68c5f1c0e97237c4fff232e099353792b160df1a

    • SHA256

      6eb12a217689847fa90ae6ac61401fe0349653808da3e4386abf01ee4f56e2f9

    • SHA512

      997d7e6bcd9aa8ac33f6bb667edfe40efc522f47dd54284895b15736edb86052284409a3a6a9ab1c9e9066f507599a1824cf6a935849cb7346e2464c90ccb904

    • SSDEEP

      12288:PsHzOUNUSB/o5LsI1uwajJ5yvv1l22BFPP+W3hf/sgaEKs4+V51t35VXEjEzMWT4:eiUmSB/o5d1ubcvxhGmhf/sga6f5njXI

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to determine the infected system's external IP address.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks