General

  • Target

    103e969c365b0603d89a259f30984820N.exe

  • Size

    769KB

  • Sample

    240902-kefyqsxcnd

  • MD5

    103e969c365b0603d89a259f30984820

  • SHA1

    72fe563bf69448c02b1d70b9b09320295cb28c64

  • SHA256

    7e0c2873e65dda6ec572bd59b846d794aba1c16746676f2c7e378e2aa96bb1ae

  • SHA512

    bbebda62a833a39050471be3e656340b2fd695ded0fba1914ebc8efe8224e6678bd90e29750171f461ebfe56de3732000cd60c7c1d76f47d7d8fb67c61e45165

  • SSDEEP

    24576:0jwdGKe/eqF2VveP2ES6YOecDYWnpTI5GIax/Lkl07N:00dMCve2TOeuvpT4raOG

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915
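The C2 above is a Telegram Bot API endpoint: the path carries the bot token (`<bot id>:<secret>`) and the query string carries the destination `chat_id`, so the full URL is both the exfiltration channel and the credential that drives it. The Python below is an added example, not part of this sandbox report: it pulls those fields out of the extracted C2, redacts the secret for sharing, and scans a few constructed proxy-log lines for the same pattern. The log format, the second bot token in the sample lines and the set of "exfil" methods are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL as extracted in this report's malware config (copied from the page).
C2_URL = ("https://api.telegram.org/bot7204444211:AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs"
          "/sendMessage?chat_id=2065242915")

# Telegram Bot API path shape: /bot<bot id>:<secret>/<method>
BOT_PATH_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)")

# Assumed list of methods that push data out of the host (as opposed to getMe / getUpdates).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Return bot_id, token, method and chat_id for a Telegram Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.search(parts.path)
    if not m:
        return None
    chat_ids = parse_qs(parts.query).get("chat_id", [None])
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_ids[0],
    }


def redact_token(token):
    """Keep the bot id (a stable indicator) and hide the secret when sharing IOCs."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}...[redacted]"


# Constructed proxy log lines: "<ts> <src ip> <http method> <url> <status>".
# The first token is the one from this report; the 1234567890 token is made up.
SAMPLE_PROXY_LOG = [
    "2024-09-02T10:14:03Z 10.0.0.17 POST https://api.telegram.org/bot7204444211:"
    "AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendMessage?chat_id=2065242915 200",
    "2024-09-02T10:14:05Z 10.0.0.17 POST https://api.telegram.org/bot7204444211:"
    "AAFfPnSoEnQ7t4FKDH0Jch2gKTwGo4oCCAs/sendDocument 200",
    "2024-09-02T10:15:11Z 10.0.0.23 GET https://www.example.org/index.html 200",
    "2024-09-02T10:16:40Z 10.0.0.31 GET https://api.telegram.org/bot1234567890:"
    "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/getMe 200",
]


def scan_proxy_log(lines, known_tokens=frozenset()):
    """Flag every Bot API request; mark hits that reuse a known C2 token or an exfil method."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip rather than crash the scan
        ts, src, _http_method, url, _status = fields
        info = parse_telegram_c2(url)
        if info is None:
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "bot_id": info["bot_id"],
            "method": info["method"],
            "known_c2": info["token"] in known_tokens,
            "exfil": info["method"] in EXFIL_METHODS,
        })
    return hits


if __name__ == "__main__":
    cfg = parse_telegram_c2(C2_URL)
    print("bot id:", cfg["bot_id"], "chat id:", cfg["chat_id"], "token:", redact_token(cfg["token"]))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, {cfg["token"]}):
        print(hit)
```

Two caveats when turning this into a detection: the path and query are only visible where TLS is terminated (a decrypting proxy or the sandbox), otherwise all you see is DNS or SNI for api.telegram.org, which is legitimate traffic on many networks, so pair the network indicator with the originating process; and the bot id is the durable part of the indicator, since the secret can be rotated by whoever owns the bot.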

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks