General
-
Target
summary_report_0298762tg.RXX.PDF.Z
-
Size
635KB
-
Sample
240924-jrc7yazekh
-
MD5
1322136f8c0f5d9cf613870d7acfeb43
-
SHA1
7ab519d32c380c098e6b800189ae14da1ee6fcf1
-
SHA256
1e27330d41cf2bc0195c050af7b4d42f321752727cf1117332e446a0246fec3e
-
SHA512
e704d45f138aa75a7982f984f12fb471ed02437a50361b9f753496dce44b47c517d680eec2d6e141b16cea9babd065cfe97ee5b2c42de9f031e63369c3566d13
-
SSDEEP
12288:QBUI1iUlr5dcNA5cK+NWK0p12dir4UUH+PLLsY2n1Ui3lLLGieJUeyK:QBV1J3f58Ep12disfH+jLX2nxl5cqK
Static task
static1
Behavioral task
behavioral1
Sample
summary_report_0298762tg.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
summary_report_0298762tg.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7331041604:AAE-Us7UbUFSJts_TZoHHXgsfP7KSC7d5do/sendMessage?chat_id=7422462541
Targets
-
-
Target
summary_report_0298762tg.exe
-
Size
684KB
-
MD5
07f6ab2cc7e02e5b7eb3a1c1df9feb81
-
SHA1
b1b285b06f48639161e5496a7faac584ac8542e7
-
SHA256
d843feb33765df99f544515b6bcdffea27cb47a5a14f3b9ae50114b09fb6581d
-
SHA512
562fa48f630061d0abe95896bd4580eae4b7af07c81f28cc042e5d3f59d7c5bbb13431032ff56863d483697157bb75b7bd5cc9b9368fd54e948d03ec75f8110b
-
SSDEEP
12288:gJLdutCi+h12jplguYFeg3XbIaVCNfO5Rz9Z9cWqv8l58bQbn:gJLQCiVjplMbz8NOBD9ms2I
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2