General

  • Target

    fdd89d3fbfaf8c4c44738c990e80089c.zip

  • Size

    20KB

  • Sample

    240926-bnjasaydjr

  • MD5

    d36bcdc2fdc51f9a6a21badc1f1c2e54

  • SHA1

    505ee6add24a32965f2dc9b0fcd5250d213835d9

  • SHA256

    d89462ef55d83dd28587ced515322c2785c72f7e78f1ab56450f6e5a66f7e96c

  • SHA512

    16f53770b9b8187b8d306ed9a547d4ed75f8f3c5cac8ecf8cbfe269aaff95d13be1233a06a2d3fd413baf998cd554789858e04bc430ce5dd91d73ed498a44f76

  • SSDEEP

    384:4yZsAoIdjlQWRizNNi4kMPbxyCAN1K/dQ+C2lnPkIci73lzBkHinIs:DToIdhQWRip1VbTv3Vn1VdIs

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

    • Target

      fdd89d3fbfaf8c4c44738c990e80089c

    • Size

      24KB

    • MD5

      fdd89d3fbfaf8c4c44738c990e80089c

    • SHA1

      6d13774bd3b635fea46531279cdd38eb3dce9ec2

    • SHA256

      cccee5a2127e925eb3b338bdfc4644f785ce7db11e378435fa8828352be65fae

    • SHA512

      22d6c083dab36275ee0873a0eab254b802bbc54798978833689c1590a1236a351c865bebf6085c928064e52e96affddb63326b04d7010cefb4916078d463c65f

    • SSDEEP

      768:5Ab4CCU29fuh+0BIcmNk32ska+oH7586u:2b4DbJmIc9bo

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks