General

  • Target

    19521218150.zip

  • Size

    918KB

  • Sample

    241021-sl4blsxhrd

  • MD5

    cc3ab178c74ad35fb2cdf2c86cfea0de

  • SHA1

    a79ef88607b6c8801773ddec887f00b0efc663e0

  • SHA256

    a1a2abeaffd2e053efe1997a05a88837581230929f581bae934e49b75a1f81ad

  • SHA512

    ac0deab0b24b632e2347093ef27c6cfc4e8c364ccb556d56afe783963570c33f18a2db7dbcc80fa35e80861f9bed76ffff57fcabc2b8c3359cfbc9f4ee4da968

  • SSDEEP

    24576:pEhdhczygELHkAdI6KLr6FPpaptpzlkOLzzJAz:pEvyWHkA+r6Fhap9kOLfS

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7229061445:AAE3FCrpjv4NkOLREC4l7rC81cO6xC0-XZI/sendMessage?chat_id=1934716051

Targets

    • Target

      PROFOMA INVOICE 90021144577.exe

    • Size

      1.2MB

    • MD5

      1fee12ff03049fbdb2b704b38813b76e

    • SHA1

      b36742ac22738ed0833d90fe9ea1f4e9ee37981c

    • SHA256

      3184c6a5b7d08a422e58b2b8ad2f7e1087dde96f1586b641144a36e44caf6d52

    • SHA512

      dea648c9c3ae22f69746650348035558596737db2b82f4c348d481bfd12397fc6289354ece41b1a5b1f26b934e979e558d0388bb9c21a9f75c7e09ba51ceb62b

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QL1XsfzZEJpEZ5sza+7wHaEb4m9qmj/IYE:f3v+7/5QL1+6SEcnbVbE

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks