General

  • Target

    727b41d28e44061d6c566be7080ee58e.exe

  • Size

    1.1MB

  • Sample

    240822-ky45ns1fqr

  • MD5

    727b41d28e44061d6c566be7080ee58e

  • SHA1

    5c1b158caa4d8cf0b9b1c1a3da86eb123cfedf65

  • SHA256

    ad64dd243e584464c1f21671ab0ac3f679d4b061af4c776b076c7a64d017bd2b

  • SHA512

    33cb49f3b7babdd6263e33bcb5feb30d0cc082949c719bea7507bce17e9808fb7b544129ca8ff51b06cc3ee8c22d2ed6808378233dec56832f6ac645fc372ef7

  • SSDEEP

    24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8aibW8efdXmZVH:hTvC/MTQYxsWR7aiS8bV

Malware Config

Extracted

Family

vipkeylogger

Credentials

C2

https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks