General

  • Target

    a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe

  • Size

    844KB

  • Sample

    241125-dbah8avjav

  • MD5

    66ecc5207b13c8ab6e2289aae6fddde1

  • SHA1

    9f6a9dec6a08fafd49908831ea27b0410b6bd934

  • SHA256

    a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f

  • SHA512

    80fded17f0ca1cf6c61600dadeaaf171de83de4276b11aefeda43f497a39c0f029af9284d604ae5d892cfb72eae6ad352ab4b07a40ac2eb7fc0270286974e6ae

  • SSDEEP

    12288:8/AKvOjFE2PvzaAsXAxkdnJoAjXbQYi2yBZFVkh7aZMljR0lE/V5Je0sZptLOije:DoOGiwwxkBJoSr+zxU77jH5toptKigDf

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8065526741:AAEj68BwW3BsUStAxrPkDSB2kLxwQ3yik84/sendMessage?chat_id=6897585916

Targets

    • Target

      a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f.exe

    • Size

      844KB

    • MD5

      66ecc5207b13c8ab6e2289aae6fddde1

    • SHA1

      9f6a9dec6a08fafd49908831ea27b0410b6bd934

    • SHA256

      a6ed79b31900fa2568d166b96514ecdd7f79a3cfeb3fe9a21d670ee4630bbf4f

    • SHA512

      80fded17f0ca1cf6c61600dadeaaf171de83de4276b11aefeda43f497a39c0f029af9284d604ae5d892cfb72eae6ad352ab4b07a40ac2eb7fc0270286974e6ae

    • SSDEEP

      12288:8/AKvOjFE2PvzaAsXAxkdnJoAjXbQYi2yBZFVkh7aZMljR0lE/V5Je0sZptLOije:DoOGiwwxkBJoSr+zxU77jH5toptKigDf

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks