General

  • Target

    941121ee86aedcd5b3b86c677255924913b1acdccf452159423636c210415776N

  • Size

    863KB

  • Sample

    240929-3zm7na1clf

  • MD5

    6ffcb918dafd0d182bae33bc38b57450

  • SHA1

    3844e713119415723708482e774abad7e6ff1ce0

  • SHA256

    941121ee86aedcd5b3b86c677255924913b1acdccf452159423636c210415776

  • SHA512

    701864001b8559aafce2e084ebfac803e017bdd2fb18a7501d9914ad62fc9f4f18c1821dcd01b0644d80fd54d40bf63eb88ebd84b83e7f3384d9f8c1e563e4f1

  • SSDEEP

    24576:2goxlaIGgVNZKAf0FtWMT6DJpPtDFAX6W:2goxlasAq0FtWMT6FpPVFAX

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7544728067:AAGLwA_euDB2noK3pr6iG8sF_66AjA8Mb9c/sendMessage?chat_id=6055880871

Targets

    • Target

      941121ee86aedcd5b3b86c677255924913b1acdccf452159423636c210415776N

    • Size

      863KB

    • MD5

      6ffcb918dafd0d182bae33bc38b57450

    • SHA1

      3844e713119415723708482e774abad7e6ff1ce0

    • SHA256

      941121ee86aedcd5b3b86c677255924913b1acdccf452159423636c210415776

    • SHA512

      701864001b8559aafce2e084ebfac803e017bdd2fb18a7501d9914ad62fc9f4f18c1821dcd01b0644d80fd54d40bf63eb88ebd84b83e7f3384d9f8c1e563e4f1

    • SSDEEP

      24576:2goxlaIGgVNZKAf0FtWMT6DJpPtDFAX6W:2goxlasAq0FtWMT6FpPVFAX

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks