General

  • Target

    cf3cf2c38908bfce2ec7ae9f2186271b384d5049c351664b711dfa6060addbeb

  • Size

    1.2MB

  • Sample

    240831-c4t8na1dqf

  • MD5

    5bb93338b930cdfe2063c63fe9ecb99a

  • SHA1

    9a169014f4fee426c06600805cc6c2304b7d808d

  • SHA256

    cf3cf2c38908bfce2ec7ae9f2186271b384d5049c351664b711dfa6060addbeb

  • SHA512

    441665dd8d92a04cd9b4a3becdd4e2b6e80593cef3535a7f75ca183aff6d47547dec4a0457984a1a5605f614fb5673a9519bc51262ccfe44c5b7facec1396130

  • SSDEEP

    24576:itb20pkaCqT5TBWgNjVYwSK3SKaoY16A:vVg5tjVYwSKCK/w5

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.vvtrade.vn
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    qVyP6qyv6MQCmZJBRs4t

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks