General

  • Target

    81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d.exe

  • Size

    1.0MB

  • Sample

    241203-c18xmsvrf1

  • MD5

    2c8f30a128855b88559a2876c0286416

  • SHA1

    eb253a85f2141bdb4707a80e6f2d22852c9578c3

  • SHA256

    81f11f7138268a889b5d068f747d4f4d71a688c7a7f3b057a0140e63a9d5d40d

  • SHA512

    6fdf837d6b3aa9ac3f5513db636ec20d26e10c94279b404cd77cb49ab013168334f786274047e36216c2618dc4494600b19db4481a6bae80e8b3befff815c404

  • SSDEEP

    24576:/tb20pkaCqT5TBWgNQ7aj+LCx0Bthb6Au:8Vg5tQ7aj+LCSBt15u

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7157329086:AAGOsSc2V0wvMRyvFFXhUVN6YYkkxDpjHDU/sendMessage?chat_id=7337843299

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
