General

  • Target

    dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14N

  • Size

    1.2MB

  • Sample

    241003-cmnpjsshmh

  • MD5

    51814cf41310b66113844b967c1146f0

  • SHA1

    dd56ce15e8c4ed0c4e61aec6ae1cd0915bf6d2c3

  • SHA256

    dfebfd3149e14918a751a6b5cab7327168cfca7db31fbbf5c1f5a11c1fbf1d14

  • SHA512

    eae90cd0acadeb31134db93cf209867b3fde6d10118b11d5875107ef7c2dd99aadf87ae91b094a035f27674d38a86fb9f034f5515e6b52d8359c1ca9a00b41ff

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCnmV5SY6QjL93/6FWu9vH1C5+ANA2uRghohzz53b:7JZoQrbTFZY1iaCsSYHv6FWcvH10+SAR

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks