General

  • Target

    TTR987654567000.bat

  • Size

    1.1MB

  • Sample

    240822-mwywzssgja

  • MD5

    0eb2d9c9729de6350fa208cd9deda0c0

  • SHA1

    5221a68480fc7872ac8f017ee99fa98b66e3cc87

  • SHA256

    5b05fdf53cb47c6e86d4ccb039f4f9adc27d8f7ec8bd1e031e24c1d555a1c547

  • SHA512

    bb82ed2a0d41651a23dd9715c5db987075449f13337def0bdf3f557ca0675bf5c1cd256e8c0982f8ba67ca1bef22596d044b7dfaecbd111e41b9f45f4f8cbd65

  • SSDEEP

    12288:yP5RqRF6UxaKheNx0JDmygPiW4F0e+mfMlgbv:0ARF6Uxfe/01myUwfkCv

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks