General

  • Target

    1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe

  • Size

    1.0MB

  • Sample

    241202-dxcwgasmbp

  • MD5

    b59e2565fe790bd1803bec8e583c0e80

  • SHA1

    54eb800ac8cb2923997dd7bf7059951f714fee8f

  • SHA256

    1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46

  • SHA512

    8dada552ad3bb8fc7f112bb689f8cb2d293a5d566e4dc80e0090d2bb60db27aa2871d525b4367643b7e6a7941191f569079c940678ebfb341c086d5cda62dacd

  • SSDEEP

    24576:stb20pkaCqT5TBWgNQ7arslkvopEkQBX6A:VVg5tQ7arsWvXp5

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8051588258:AAE-CNbIS7UXg4eOA3t-8snZKI_z-YAyGQg/sendMessage?chat_id=7640920144

Targets

    • Target

      1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46N.exe

    • Size

      1.0MB

    • MD5

      b59e2565fe790bd1803bec8e583c0e80

    • SHA1

      54eb800ac8cb2923997dd7bf7059951f714fee8f

    • SHA256

      1d0b9a03e9bc5341bc3ffee170569efae0be569e19455826f04916bdd0f94a46

    • SHA512

      8dada552ad3bb8fc7f112bb689f8cb2d293a5d566e4dc80e0090d2bb60db27aa2871d525b4367643b7e6a7941191f569079c940678ebfb341c086d5cda62dacd

    • SSDEEP

      24576:stb20pkaCqT5TBWgNQ7arslkvopEkQBX6A:VVg5tQ7arsWvXp5

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks