General

  • Target

    00ce10d9b88c345825724ce92bb586a2114fd31ca31cc43edca7c937e123ac24.exe

  • Size

    1.0MB

  • Sample

    241206-cfp9sstrex

  • MD5

    34c3134dc7be9effada0668acdc238b0

  • SHA1

    cd69206e6884a5a4a20450d855ce90ca657a9039

  • SHA256

    00ce10d9b88c345825724ce92bb586a2114fd31ca31cc43edca7c937e123ac24

  • SHA512

    39c30d666f12cb3c847cfd96b591f07961ec8a519ac11465c8eb88f33d09dd10df49c6e4271a0cdb1392ff3ef549ac4334a3d3abe9e811132fcf732a25335d6b

  • SSDEEP

    24576:/tb20pkaCqT5TBWgNQ7aj+LCx0Bthb6A:8Vg5tQ7aj+LCSBt15

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7157329086:AAGOsSc2V0wvMRyvFFXhUVN6YYkkxDpjHDU/sendMessage?chat_id=7337843299

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks