General

  • Target

    25092024_1210_25092024_Inquiry List.7z

  • Size

    887KB

  • Sample

    240925-pb8xkaxgkc

  • MD5

    00aacebb1309bb2a82de9a8706f86b75

  • SHA1

    b4ccfb27909bc6d0937c399d5620de9ec3328401

  • SHA256

    f943cb049d650e9be768892b91e02be530367862e7ba40d6ff80c83cb69c38b2

  • SHA512

    1ec5f4bc1c4447297c04993cbb32c9820d25d5c9965d454cd38f56495579b2842ff2069a4c3141ebdf27b38d9a2ebf2cb99979f6427627dbb72f37a1be355d35

  • SSDEEP

    24576:+U+Q7KyXetctsMLUm4Od23xkW2kNvBMlbqz1:+U19LmMLUewK/kHGY

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

    • Target

      Inquiry List.exe

    • Size

      1.2MB

    • MD5

      bdfe2ec12bd1484da6771e1862f7a7cc

    • SHA1

      ffe2ca6d0e9ff913c160b76261f5d55bedf0b278

    • SHA256

      1fdaed5b8ab899d562cc02742f56ae5ee1099dbdabda16bc399d07f4de7cf81d

    • SHA512

      cca00ddc1c6feb851123582af080217d006d41a03dc96efb86c7f94a1b0714c283835f04c59a612e91128a42d30e9838ee07e73d713de7a8297220d2c3b6dde8

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCTnQUPskpg4c6OOXSp6rDX7a+sG7nx3:7JZoQrbTFZY1iaCTLEENGd6rDX7RsGx

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks