General

  • Target: 6c72cb65233e11d0a50011cd4b07575f151fdd02ce4f49ae28fefa5cf4684757
  • Size: 624KB
  • Sample: 241206-wt52yszpgx
  • MD5: b831233ee42c15512a440dba9e01ffde
  • SHA1: 1b8f4f5661c5f19d8654ac87300f14624af849a6
  • SHA256: 6c72cb65233e11d0a50011cd4b07575f151fdd02ce4f49ae28fefa5cf4684757
  • SHA512: c8ee153f6749c2bd1386285a2d4481b5f532167efc4999159787d6248a48fba6b21db9d5d229d171a7fc27e69b36d8661f459ee71fdec0ee98584759999c68cd
  • SSDEEP: 12288:9UfHbFU9IAPhjOaRbvo4MuWS2My9UeAeZ5YQ2v7:ufHb29IUoS2uWIoUoHE

Malware Config

Extracted

  • Family: vipkeylogger
  • C2: https://api.telegram.org/bot7546896793:AAGEGIt0RtLapwHQA3llERLQC1AMW8eOKsI/sendMessage?chat_id=7941049362

Targets

    • Target: Awb_000051224..exe
    • Size: 1.0MB
    • MD5: 385af6b596eb196b00f5e98ad9610d5c
    • SHA1: 86369c454882788520e46e529bc9c9315a0280b5
    • SHA256: ce5cfba0bd5215b988c6a71324ec34b7cd0e5374f2123b251c84b27d404cf47d
    • SHA512: bd889c11b3c1860afe2ec286be5cf49cd6fb748ff43c97b8957387acf6d1b64fbc1866ad562f252bd83dcfbb818ec71e209b8d7891d45d8fb3fdb237f7f072a4
    • SSDEEP: 24576:Ru6J33O0c+JY5UZ+XC0kGso6FadGU0zneWY:Du0c++OCvkGs9FadGU0hY

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks