General

  • Target

    e5c5ddffae1ceeb78eeeeb7f993f1901ef1398a660fe9ee2cfd30af3e479a3fe

  • Size

    537KB

  • Sample

    241003-cvlvxstdjg

  • MD5

    c205f177636255f49ebf0e8fc350acd9

  • SHA1

    213da57bd5a82bec552685cf3a0a8ef76d9ff370

  • SHA256

    e5c5ddffae1ceeb78eeeeb7f993f1901ef1398a660fe9ee2cfd30af3e479a3fe

  • SHA512

    30d730671364436b420eafbe17ebce6f820f51023bbf81c7fe50a8ded1e662b5b77abf63510e69150fe180a62544487f446c56f49a6ba86a63072cc59768cfdc

  • SSDEEP

    12288:IIvvkkDXQjzz3sQIsDmS1l+6y0RWWX6tqb3tgey6ZzlsyLFp:XpAb3WYmmfy+rqtQdzZZsWFp

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667

Targets

    • Target

      order details.exe

    • Size

      1023KB

    • MD5

      6b752a6938b1e93f23ce8bd928ee84b8

    • SHA1

      2984fdfed10fbc93829961376fe877d134142a20

    • SHA256

      1ec28e8814497d10ce333d9ecd100ab86ec649e9b612a4349c7f0dbc382fca6f

    • SHA512

      29015c682b4d7553a50449a16f09b0e9110a6ad97fcc24a4fc8e6127d5711bc3c9f8375239758c3e99560d25e672c1e836a68010cd860fa2b10fac30b7c7aec7

    • SSDEEP

      12288:ssf/Q9N4Bw3XIlga8LunuX15h7cP1z4iE0EdCtqfGplddJDf+5IEO55zR+nyYr6:slalQLuuXk4iEiqfGVdJDf+UzNo

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other things.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
