General

  • Target

    Order list.scr.exe

  • Size

    649KB

  • Sample

    240902-k82gjaxapr

  • MD5

    f3bc4d185cf009d36d19faf6f683edde

  • SHA1

    84caf78588dddc99ae38ff6e49f25647996f05b3

  • SHA256

    460c6ac1986040f231b38328d675e6a59459c8256d07dee9f6ac9b89baea773d

  • SHA512

    b5f85bfda6c79c7bacc709e90cf794a80ba9d3a460ebc0d85d2e41a03a0f0fb7b5cde7550fbc60f73dad278394f47cbbbd43807ce925a6fff485f3182aa226e4

  • SSDEEP

    12288:fBKYvI8cbnlbviVApLEUB2pmz/9rKWqUhRKtJFArBWZlLhEkR:fOrdiWnB2gzFrKJUhqadWZNhj

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7256817951:AAG5xzjRW132Bmj7Hw7uBdVfNrFphoCAQEc/sendMessage?chat_id=6326208361

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
