General

  • Target

    39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe

  • Size

    694KB

  • Sample

    240828-b1a5ya1enm

  • MD5

    579a3ee4f3ad4dd614b10e024cf0ebb3

  • SHA1

    9295445675922b829085a872917468665cb4a014

  • SHA256

    39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a

  • SHA512

    d21af245c672b48a7a19b6f7cc32a86a21ace60ed00ce4e7cd73a2a3fa833decaae71bf20595f588104a7b34d0eaf4f98479e432283306d1bd1435c252b7b093

  • SSDEEP

    12288:ZDI9FKfuG2eO5uoTND1ifwhoX2nvUmeIU7ZwUe6vA2MdoW0:ZCFKf5o58fwhoWvny7oeFMdo

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915

Targets

    • Target

      39f0318e44b464792b0fa572e0a0c172f9f0b1a919404e3cc58d301c1dd2ab3a.exe


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, a stealer family first seen in 2020, and exfiltrates its harvested data over the Telegram Bot API (see the C2 above).

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, web browser credential stores (saved logins), so the browser's stored passwords can be decrypted and exfiltrated.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and thread hijacking: a legitimate process is started suspended, its image is replaced with the payload, and the thread's entry point is redirected into it. On its own this signature is only a heuristic; confirm it by checking which process the context was written into.
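The two network behaviours this report records, an external-IP lookup followed by a Telegram Bot API sendMessage call carrying the bot token and chat_id, are what a defender can actually hunt for in proxy logs. The Python below is an added example, not part of the sandbox report or of any tool it references: it parses constructed proxy log lines (the log format is an assumption), extracts the bot id, token and chat_id from any api.telegram.org/bot... URL, and correlates it per client with a preceding request to an IP-lookup service. The set of IP-lookup hostnames is an assumption too; the report does not say which service this sample used.

```python
"""Hunt for the VIPKeylogger exfiltration pattern in proxy logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# URL shape of the report's C2: https://api.telegram.org/bot<bot_id>:<secret>/<method>?chat_id=<n>
TELEGRAM_BOT_API = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)
# Bot API methods used to push stolen data into a chat.
EXFIL_METHODS = {"sendMessage", "sendDocument"}

# ASSUMPTION: legitimate IP-lookup services commonly abused by stealers.
# The report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# ASSUMED log format: "<ISO-8601 timestamp> <client ip> <HTTP verb> <url>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<verb>[A-Z]+)\s+(?P<url>\S+)$")


def parse_line(line):
    """Parse one proxy log line into a dict, or None if it does not match the assumed format."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def telegram_c2(url):
    """Return bot_id, full token, method and chat_id for a Telegram Bot API URL, else None."""
    m = TELEGRAM_BOT_API.match(url)
    if not m:
        return None
    qs = parse_qs(urlparse(url).query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


def is_ip_lookup(url):
    return urlparse(url).hostname in IP_LOOKUP_HOSTS


def hunt(log_text, window=timedelta(minutes=5)):
    """One finding per Telegram Bot API call, rated by whether the same client
    queried an IP-lookup service within `window` beforehand (the stealer's
    usual order of operations) and whether the call is an exfil method."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    lookups = defaultdict(list)
    for r in records:
        if is_ip_lookup(r["url"]):
            lookups[r["client"]].append(r["ts"])
    findings = []
    for r in records:
        c2 = telegram_c2(r["url"])
        if not c2:
            continue
        lookup_before = any(timedelta(0) <= r["ts"] - t <= window for t in lookups[r["client"]])
        exfil = c2["method"] in EXFIL_METHODS
        severity = "high" if (exfil and lookup_before) else "medium" if (exfil or lookup_before) else "low"
        findings.append({"client": r["client"], "ts": r["ts"].isoformat(), **c2,
                         "ip_lookup_before": lookup_before, "severity": severity})
    return findings


# Constructed sample log. Line 2 reuses the C2 URL from this report; the
# second bot token is a placeholder, not a real credential.
FAKE_SECRET = "A" * 35
SAMPLE_LOG = "\n".join([
    "2024-08-28T01:02:03Z 10.0.0.5 GET http://checkip.dyndns.org/",
    "2024-08-28T01:02:09Z 10.0.0.5 POST https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915",
    f"2024-08-28T01:03:00Z 10.0.0.7 GET https://api.telegram.org/bot1111111111:{FAKE_SECRET}/getMe",
    "2024-08-28T01:04:00Z 10.0.0.9 GET https://ipinfo.io/json",
    "2024-08-28T01:05:00Z 10.0.0.5 GET https://www.example.com/",
])

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['client']} -> bot {f['bot_id']} {f['method']} chat_id={f['chat_id']} "
              f"ip_lookup_before={f['ip_lookup_before']}")
```

The extracted token and chat_id are the pivot: the same bot id appearing from other hosts, or in other samples, ties infections to one operator, and blocking api.telegram.org at the proxy (where the business does not need it) cuts this family's exfiltration outright. A single Bot API call without the preceding IP lookup is rated low because developers and monitoring scripts use the same API legitimately.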

MITRE ATT&CK Enterprise v15

Tasks