General

  • Target

    6aecc1c7bf17240fc17d6110a057126fc011d8eee1e9d77d07f95ae858a368a9

  • Size

    519KB

  • Sample

    240902-wv6pwavcql

  • MD5

    6646a478473297bb62864aef50fb3d94

  • SHA1

    2a5628cee46e734aaa57f89a90e786b925d9c596

  • SHA256

    6aecc1c7bf17240fc17d6110a057126fc011d8eee1e9d77d07f95ae858a368a9

  • SHA512

    e4d9e699bd14b64fd06149954a3e64a9e64d0beaa8896809eeaf363eb9171ae320140a65fbdffab410801084c369292eef404a8c4790e9af45e73b369f0135be

  • SSDEEP

    12288:Ku+ztxJ9LqzUHzZ5Cecoj1V9akK08Yuv09X8W5R:Q/+zUt5Xlj1V208YK0V/

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7315318214:AAHbW_8qzp1k_NeIC5gT45-OC58Jt1N6o4Y/sendMessage?chat_id=5080229442

Targets

    • Target

      Hjemmefronten.exe

    • Size

      532KB

    • MD5

      adae3851741cd656dd9ac55993676a09

    • SHA1

      c4e668dccfcd545152b395e9c3c828abce3282e5

    • SHA256

      c048753bf334e6ee8823698e0a2658bdc48b9df847e12b1f74fee01a9064df39

    • SHA512

      87a1aab3af37536648878aa3f8f5373921679ed8644e3c36e9fd553a0d27241f4b6d8e793d8c9aa0fd274bfefdf38de4267be32c93f7b529200261ea5fb6f5b2

    • SSDEEP

      12288:WC10cO9T6+MoSBdNV4y2I7sifQuqGKRkQbDmGLIgQW:WUwTDMoSJGyb7FlqGa/DmUQW

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks