General

  • Target

    REVISEDPROFORMAINVOICESTVC007934196.exe

  • Size

    1.2MB

  • Sample

    241022-ht48rsshne

  • MD5

    67a119c3341f880bbdb5f2644d17f3b2

  • SHA1

    2a28bddea438761f472cf39d3761b2b173ecc603

  • SHA256

    dedb7b67ba438bc2faea141d65856106e7ed49148f8d66975adb12f693060dbf

  • SHA512

    b142d5dac30db792571e5ea70c52abf20cfabd5a15c7b67f76d42c2f47d949098f5903bc9b1e06bc2f51c69ea7e0628a78d931b1ec94336e38678803a8341f76

  • SSDEEP

    12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLepFSYvIPRc06cf1+C7C8wpM6ZCuOqg:ffmMv6Ckr7Mny5QLUFKjZiMICsTIZ

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7725882686:AAEdNqRq1S4OfvxL8-nsXHOwdyw0BC3P-eQ/sendMessage?chat_id=7382809095

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks