General

  • Target

    4.cmd

  • Size

    100KB

  • Sample

    240902-n7hjtazbrn

  • MD5

    79c3e5cfb163bb9cb823166c2aaa9319

  • SHA1

    35cf68835c7e4c6fc1eb0563cbd370662e4805af

  • SHA256

    7e57c895fdd03bbb056c24ee015c8fb1413f9e95cd56dc869aa1c6ddead59307

  • SHA512

    62f5139537fd26016d9dea5080ab4439bc2181d205f5d852bf0b71a130c15b7f6029ee4840bfc7b766afc766dfaff6f18e2dda14533e6c1a2e2c44348ec63ff6

  • SSDEEP

    3072:xieiqqIZ+UFkTwpZQIC9MkxfoXumJlAfkO14v:weilyX8wpZ5CKkiXtG14v

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot6771753441:AAEtW-sv17Uhb9H07XMq_7Iqh1LR5PcwQJ0/sendMessage?chat_id=1928664850

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks