General

  • Target: Request for Quotation #P01042.exe
  • Size: 1.0MB
  • Sample: 240902-k8233axaqk
  • MD5: f17de66b33be33361fbd073e8751042f
  • SHA1: e8f417ebb6b074bc21fc77b7f158347c2237ce65
  • SHA256: dab8a35e31c2059c2070c1ac0f624b208c396d6debb3f63c8eea5d54cce5aaef
  • SHA512: 808a17ce8ebc84f182fc1e1e6a60e9003a23fae928d19c48ac1d18f0d725a315a9e2542b4c20dca1e98c5a19245bcf52e9fbc0a5a789b3aa0b319e12f4fbb5a7
  • SSDEEP: 24576:XqDEvCTbMWu7rQYlBQcBiT6rprG8aBR/KiSUZ:XTvC/MTQYxsWR7aBlnT

Malware Config

Extracted

  • Family: vipkeylogger
  • C2: https://api.telegram.org/bot6771753441:AAEtW-sv17Uhb9H07XMq_7Iqh1LR5PcwQJ0/sendMessage?chat_id=1928664850

Targets

    • Target: Request for Quotation #P01042.exe (1.0MB; hashes as listed under General above)

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks