General

  • Target

    MT Eagle Asia 1.zip

  • Size

    537KB

  • Sample

    241003-ncwg7axcjn

  • MD5

    cc114da649d82388ed1d631691294d75

  • SHA1

    adc912746a469a787cfdf58947aaa15f50e236a4

  • SHA256

    979c002bb98b733b97dcd04cbb6d4a6213555cd4c0dfcda451512b7891d90832

  • SHA512

    1a0e630deffad3b924d5bbdac690593134a92d2b0379749c4baa1cd4059057f9e1d3646816e28df3522ed4fd435804abaabb2cd34e50e4621a212c8a5eec8352

  • SSDEEP

    12288:yIvvkkDXQM0Sj0zC8iabG8/oGW+z4CdY9W7A3oeevL2YjUSkEA4rDSNw:BpAMXj0zviA7oEzLLM4eALxUS64KNw

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667

Targets

    • Target

      MT Eagle Asia 1.exe

    • Size

      1023KB

    • MD5

      5abd6361442edf2a48b887a5160ce0c4

    • SHA1

      afb2e5346bbca875bea5c24fc89c8d3ecfa9ff53

    • SHA256

      e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d

    • SHA512

      43d69f26e24e80acd85a8d5460c6aae229ea9d88d860f259f99930675a50c1ee4b5c24c1345ed081dd84c3be568a50d7889bff76ccf2063e4ca453e2ee6b3277

    • SSDEEP

      24576:sl66HNUQq5cWT+X7iiclUZlkofGVdJDf+Uz2o:KqtlW/qJDfhz

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks