General
Target: bbbc844bf82ea997ab5cfd67fa2cf2dfd258238fad3aae60f79c83e18b53e17a
Size: 809KB
Sample: 241003-m8jb3axbmp
MD5: d54cb71dd5cb5f6526caba0af47a7bca
SHA1: 091a8401d299bbfca6df7a64e85f183e06127024
SHA256: bbbc844bf82ea997ab5cfd67fa2cf2dfd258238fad3aae60f79c83e18b53e17a
SHA512: b463634298a290e1dc3cea637777011b3290d8a796ee57efa03a1aff6baa9ae71e140878c0f905d3b0e4f9a32cbec79ae43a8749cc8a47f914d819fc26747f46
SSDEEP: 12288:3o2HP4L6cOthgBv1UocJ0UJ6oXRs8IM4yCv51ivR+8tqcqdQ0iVBYTpKj9mYvCBU:V4Lxq2MocOogxXvuZaRu0kKfU
Static task: static1
Behavioral task: behavioral1
  Sample: DOC_1WD8M_P7JX9_S3DGB.scr
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: DOC_1WD8M_P7JX9_S3DGB.scr
  Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
  https://api.telegram.org/bot7981479098:AAGlhAiCCr0chNTC0W-0deoiSiqAaLukVdA/sendMessage?chat_id=7639257039
Targets
Target: DOC_1WD8M_P7JX9_S3DGB.scr
Size: 1.9MB
MD5: a026b6b33da23ff080902254c9da5538
SHA1: 8e8340d50402e439d97bbffcf55e1ce4311d30e3
SHA256: 386b1d73db67e0cb418ffe97a6d93fb502cde6d3ba537d67bd626a21820e12da
SHA512: 8050781a72203fff34c0bb6b74914c76076806ebd6bc046567eb30617f024ff9c7dfadf1d0144e113586b8af039264b25158222e8e95fa0c40b776646319c1e3
SSDEEP: 24576:NlsveSgHNM3GTtQHy4ZIs7VxCGDwyrfPeL8wI:NtM3GtQHVUafPeG
Signatures
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (2)
    Credentials In Files (2)