General

  • Target

    22082024103222082024P20Spareparts0030024.pdf.arj

  • Size

    692KB

  • Sample

    240822-n4631awakf

  • MD5

    cbeb6d181075f01f848589342744f036

  • SHA1

    91306547073f20f3b1190e8d6d4a36378800c417

  • SHA256

    148f5254545964209ea9b2d2c3c601bc93bc21bbb071b7e7d47fcd457a1a05bb

  • SHA512

    e5956e52e1563d907aa9933d9982f14682198a1de305a32f4a5b2aef241d730339f1dba78b28cd94d6ab479ea432ce834a50984b55679bdd8d1c313725fabfe8

  • SSDEEP

    12288:Bs85ZV3a7GSn1nqer8xpEF8VyptbLPMgTiBafuItAmzS+NanhxSboQJAJ2CLo:L5u7GSnsY8L9yptXPFWmPkxeZVX
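The archive name ends in `.pdf.arj` and the payload inside it in `.pdf.exe`: with Windows' default of hiding known extensions, both display as PDFs. As an added example (not part of the sandbox report), the Python helper below classifies such names from an attachment or archive listing. The two names from this report are used as input; the benign names and the right-to-left-override case are constructed, and the override check goes beyond what this particular sample does.

```python
# Flag lure filenames: a "document" extension placed in front of the real one.
# Added example; the sample names are the two from the report, the rest are constructed.

# Extensions the attacker wants the victim to perceive
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
# Extensions Windows actually executes
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi", "lnk"}
# Archive formats that will be unpacked rather than opened as a document
ARCHIVE_EXTS = {"arj", "zip", "rar", "7z", "ace", "iso", "img", "gz", "tar"}

RTLO = "\u202e"  # Right-to-left override: visually reverses the tail of a name


def lure_verdict(name):
    """Return (displayed_ext, real_ext, verdict) for one filename.

    displayed_ext is what a user is likely to perceive (Explorer hides the final
    extension by default, so "x.pdf.exe" shows as "x.pdf"); real_ext is the
    extension the shell acts on.
    """
    if RTLO in name:
        # The rendered name is reversed after the override, but the shell still
        # uses whatever follows the last dot in the raw string.
        real_ext = name.rsplit(".", 1)[-1].lower()
        return ("(rtlo)", real_ext, "lure: RTLO override")

    parts = name.lower().split(".")
    if len(parts) < 2:
        return ("", "", "benign: no extension")
    real_ext = parts[-1]
    displayed_ext = parts[-2] if len(parts) >= 3 else real_ext

    if len(parts) >= 3 and displayed_ext in DOCUMENT_EXTS:
        if real_ext in EXECUTABLE_EXTS:
            return (displayed_ext, real_ext, "lure: document extension masks executable")
        if real_ext in ARCHIVE_EXTS:
            return (displayed_ext, real_ext, "lure: document extension on archive")
    if real_ext in EXECUTABLE_EXTS:
        return (displayed_ext, real_ext, "suspicious: executable attachment")
    if real_ext in ARCHIVE_EXTS:
        return (displayed_ext, real_ext, "archive: inspect members")
    return (displayed_ext, real_ext, "benign")


def triage_listing(names):
    """Return [(name, verdict)] for every name that is not plainly benign."""
    flagged = []
    for name in names:
        verdict = lure_verdict(name)[2]
        if not verdict.startswith("benign"):
            flagged.append((name, verdict))
    return flagged


# First two names are from the report; the rest are constructed for the example.
SAMPLE_LISTING = [
    "22082024103222082024P20Spareparts0030024.pdf.arj",
    "P20 Spare parts-0030024.pdf.exe",
    "invoice.pdf",
    "photo.jpg",
    "annexe_\u202efdp.exe",  # renders as "annexe_exe.pdf" in a GUI listing
    "backup.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in triage_listing(SAMPLE_LISTING):
        print(f"{verdict:45s} {name!r}")
```

Run it on the member list of an archive before extraction; anything marked `lure` deserves detonation or a hash check rather than delivery to the user.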

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7138167080:AAGz8Y3SsqdlT4qaMw3a_KzJ5J0E1G48wpQ/sendMessage?chat_id=5593200404
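The extracted C2 is a Telegram Bot API call: the path carries the bot token (`<bot id>:<secret>`) and the query the destination `chat_id`, and `sendMessage` is the exfiltration channel. As an added example (not part of the sandbox report), the Python below pulls those fields out of URLs found in proxy or sandbox network logs, marks the methods that carry stolen data, and redacts the token for sharing. The log lines are constructed; only the Telegram URL in the first one is the report's own C2, and the IP-lookup hostname and addresses are placeholders.

```python
# Detect and decompose Telegram Bot API C2 URLs in network logs.
# Added example; sample log lines are constructed, only the first URL is from the report.
import re
from urllib.parse import parse_qs, urlsplit

# Bot API URLs have the form https://api.telegram.org/bot<id>:<secret>/<method>
# The secret is a run of [A-Za-z0-9_-]; "/" is excluded so the match stops at the method.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)
URL_RE = re.compile(r"https?://[^\s\"']+")

# Methods a stealer uses to push data out (text, files, screenshots)
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Return a dict describing a Bot API URL, or None if it is not one."""
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
        "exfil": m.group("method") in EXFIL_METHODS,
    }


def redact_token(token):
    """Keep the bot id and the first four secret characters, mask the rest."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


def scan_proxy_log(lines):
    """Scan log lines for Bot API URLs; return one hit dict per URL found."""
    hits = []
    for line in lines:
        for url in URL_RE.findall(line):
            info = parse_telegram_c2(url)
            if info:
                info["line"] = line
                hits.append(info)
    return hits


# Constructed Squid-style access log. Only the Telegram URL on the first line is
# from the report; the other hosts and all IP addresses are placeholders.
SAMPLE_LOG = [
    "1724344800.123 10.0.0.23 TCP_TUNNEL/200 412 POST "
    "https://api.telegram.org/bot7138167080:AAGz8Y3SsqdlT4qaMw3a_KzJ5J0E1G48wpQ/sendMessage?chat_id=5593200404 "
    "- HIER_DIRECT/203.0.113.10",
    "1724344801.456 10.0.0.23 TCP_MISS/200 1432 GET https://ip-lookup.example/json - HIER_DIRECT/203.0.113.20",
    "1724344802.789 10.0.0.45 TCP_MISS/200 2040 GET https://web.telegram.org/k/ - HIER_DIRECT/203.0.113.30",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"bot {hit['bot_id']} -> chat {hit['chat_id']} via {hit['method']} "
              f"(exfil={hit['exfil']}) token={redact_token(hit['token'])}")
```

Ordinary Telegram client traffic goes to `web.telegram.org` or the MTProto data centres, not to `api.telegram.org/bot…`, so in an environment without legitimate bots a hit on this pattern is a strong signal on its own; the bot id and chat id are the stable pivot values for hunting other samples of the same campaign.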

Targets

    • Target

      P20 Spare parts-0030024.pdf.exe

    • Size

      764KB

    • MD5

      c5983658b6a22abd9d428df9d10f69f6

    • SHA1

      d42d55aa11f1416c19b9696f08242dc39f193cfa

    • SHA256

      f32c9919f92f761236787b1f5e46ffa0e9672232342f3418ef683068d2928d55

    • SHA512

      178fdab9aae5bdd0c1cea56cbcaca72e10148582df34a244e6b47398a2d42ea97af8f7152abfc814d82ea4ca75a9d3787bd644e6288f76576265094399d89209

    • SSDEEP

      12288:98TIMidFijyW7IiU/Qe/EMIh5McJky1Qw8EoXuY2l1+IOMcGS/8vwloL3rlW4I:91didIiU/Qm2h76GboXuY2P+IHTrYyv

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks