General

  • Target

    e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d.exe

  • Size

    1023KB

  • Sample

    241004-cn5z8aygmm

  • MD5

    5abd6361442edf2a48b887a5160ce0c4

  • SHA1

    afb2e5346bbca875bea5c24fc89c8d3ecfa9ff53

  • SHA256

    e89e8a35babc124eeb06c5ccd4920cc5be9d569cb58f97a8c7e624507c1c142d

  • SHA512

    43d69f26e24e80acd85a8d5460c6aae229ea9d88d860f259f99930675a50c1ee4b5c24c1345ed081dd84c3be568a50d7889bff76ccf2063e4ca453e2ee6b3277

  • SSDEEP

    24576:sl66HNUQq5cWT+X7iiclUZlkofGVdJDf+Uz2o:KqtlW/qJDfhz

Malware Config

  • Extracted

    • Family

      vipkeylogger

    • C2

      https://api.telegram.org/bot7682425803:AAHHoZD1_lffPXz0N6EaljeP4aAXgk0EI3k/sendMessage?chat_id=2135869667

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks