General

  • Target: Payment Notification PDF.gz
  • Size: 623KB
  • Sample: 241211-p1s8eaxnhj
  • MD5: 2de05561f50467940647676a7df2288c
  • SHA1: 6f91cd9e113aac30b39025b5800a8bf162062afb
  • SHA256: 3330b83ea0de9f2bfcb0998c3ad3aedb416bb1b14868674efc5310591969210d
  • SHA512: 710048ecab85f44ad360509f71d3b6f8e05268bfa5d28518bece9c1445f963ad71525ad5867e0b17fa338bf5b37fa1347e9af7e56cb7454f29b758bcb857d890
  • SSDEEP: 12288:dKwl1zonUPELr0Ol1LETB+GK44mvu6j7gbmj3s1FlaTHpRkb:dj1zeEMQRl4gFgbmDsFgrc

Malware Config

Extracted

  • Family: vipkeylogger
  • C2: https://api.telegram.org/bot7735874420:AAHB5lmusBq4MdXRakEVmgMVQ6wUkxr5YLE/sendMessage?chat_id=2146433139

Targets

    • Target: Payment Notification PDF.exe
    • Size: 1.0MB
    • MD5: 80fb946e2d8d53ddf412d59d61bf83ab
    • SHA1: 8b7da84b92c61858eeb56410e05b208d885560e9
    • SHA256: 374b9a35bb8495f8de85a828224b6c1305ada58ca35d68798eb8e3ff9ec1d3a4
    • SHA512: ba245097cdfbf2c13e8e99bedf2d46e3e6190b337a0b015077005d2a17f813e19fa9c0feab47c9dea45b019c49e5a067cf382ab5a61d135d108dd89e0adcb2d2
    • SSDEEP: 24576:Uu6J33O0c+JY5UZ+XC0kGso6FaInRgdQUyWY:uu0c++OCvkGs9FaIaY

    • VIPKeylogger
      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.
    • Vipkeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks