General

  • Target

    d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb.exe

  • Size

    1.1MB

  • Sample

    240827-v86flasela

  • MD5

    b1625586328ced2f2ca8d119a06f8713

  • SHA1

    0c2f2ad3e4ee88d99dbd42a56fdc515b7dd533e7

  • SHA256

    d179623dca05356c39d66f7e150e819b53cd7e8b54fbd2dc3bb6af525a3f2ddb

  • SHA512

    cd5d8afb20568ddd214f72ce5468c47fb84af3caf772f7c50d3f5244468d47beb5ae175aba8348bb1b3aeb65601ba30b865d3bfec417bb84a3f19eed94467156

  • SSDEEP

    24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8aftzJoLSmtXpEwpfMsNUsXD:pTvC/MTQYxsWR7aftzJlmP9pEsB

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7461655198:AAErWj9ySuriVtERqboc8jIftAtwvOsFMsw/sendMessage?chat_id=6867107799

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks