General

  • Target

    250920240826WORFSF1432409171532042.tar

  • Size

    853KB

  • Sample

    240925-wg71sayenl

  • MD5

    fefc4a42b1e718c286d0ce0f7b97f4a3

  • SHA1

    7c0a51380f54bc339499fac06b717428855d3080

  • SHA256

    6ab7ba29c912c00e870f68d20d2d5180bd900beb939b3c8fcf1190b333351cbe

  • SHA512

    e470b587ec43bdcb004c8c9a18b0cb0c9518b9967a5274b140c07fd7dc75319343976f9815b6350cb49f867d87f7a644b61ad23a76aa55040998c6a560ca4a0b

  • SSDEEP

    24576:bU+Q7KyXetQy2GfM94Wsrnpnz9AFDx6YXIrrxAf0wj5:bU195aZAJx6YXIXxAcwt

Malware Config

  • Extracted

    • Family

      vipkeylogger

    • C2

      https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

    • Target

      WOR-FSF-143_240917_153204 (2).exe

    • Size

      1.2MB

    • MD5

      2683bb4f5ae50df4c512f244fa228a0f

    • SHA1

      a6ebf6f22b98c6f2cc9af3a49a98e10e47a172ab

    • SHA256

      82b489119b79e2d9cc297af667147d90c930ac88d6ee8a20b5d7c68eeb6a582a

    • SHA512

      6cce63c5c64010df99671003b57bb09fa220f241d379bc5027708b61efbef59cabc035f0836343d7e06f22030d8dbb9afa9770701d984009f2280eb2f9642c00

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCPNXEOQGIxR7BeG3gCtgabdVBNT:7JZoQrbTFZY1iaCP+iIxneG3gybdlT

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was discovered in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks