General

  • Target

    d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N

  • Size

    897KB

  • Sample

    240930-2ldwdsycnk

  • MD5

    41e96a8eabf31d7b5abbeb15d5307b40

  • SHA1

    0c406ef15662e8580a724ef05dfb04d76c222c9c

  • SHA256

    d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1

  • SHA512

    9912ba11bef1e1b084d88e852e538e054c61878300993a35de859d44c35600d262c43432a76ba72ec087258fcdd20624bdf9faf3f87c34e5dfe17b3d3c824ed4

  • SSDEEP

    12288:uQTfJcX7m2QriOBq7bP7BqHwd//AulzaeNhmXGj4qTOU:+Xi2DgqBqQhAulzi1yOU

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    Yx74dJ0TP3M=
  • Port:
    25
  • Username:
    Yx74dJ0TP3M=
  • Password:
    Yx74dJ0TP3M=
  • Email To:
    Yx74dJ0TP3M=
C2

https://api.telegram.org/bot6836590615:AAFwcOu-vD49QRMuWGekV93uJdtVWmZdWUw/sendMessage?chat_id=5007084465

Targets

    • Target

      d7ea65fb9c018f20cff23dc97bb8a9a6818e97c333a5485142f2e0210be204e1N

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks