General

  • Target

    FinalDraftDocument.exe

  • Size

    488KB

  • Sample

    241002-y3le1svcjj

  • MD5

    809e7ea49edaf85cb1d5bd558e5c5193

  • SHA1

    0eccd79c5a83552cfdbb869bf800946b07373203

  • SHA256

    9b6a9353b8f6dd2125d0b15d32724606744990de68541d8714153935e7f69a2a

  • SHA512

    4e18195b6a226bf6e427ecc8bbf9bed6fe4075411b9d26971510222fa8fd39778cac8dd85fc58c22dca1012d2e6bd10f09eec69983e99d43c890bd2a52cde58f

  • SSDEEP

    12288:jrvWGrvWvrvWZrvWb2BKMAKtWjg8lNqOi/GUr:jLWGLWvLWZLWqQHjlNqbrr

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8077340278:AAH_Kxl1wfWRxGS3WgpXXx6UyRcTAMq6dmU/sendMessage?chat_id=5325450360

Targets

    • Target

      FinalDraftDocument.exe

    • Size

      488KB

    • MD5

      809e7ea49edaf85cb1d5bd558e5c5193

    • SHA1

      0eccd79c5a83552cfdbb869bf800946b07373203

    • SHA256

      9b6a9353b8f6dd2125d0b15d32724606744990de68541d8714153935e7f69a2a

    • SHA512

      4e18195b6a226bf6e427ecc8bbf9bed6fe4075411b9d26971510222fa8fd39778cac8dd85fc58c22dca1012d2e6bd10f09eec69983e99d43c890bd2a52cde58f

    • SSDEEP

      12288:jrvWGrvWvrvWZrvWb2BKMAKtWjg8lNqOi/GUr:jLWGLWvLWZLWqQHjlNqbrr

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks