General

  • Target

    Technonomic.exe

  • Size

    759KB

  • Sample

    241224-mghlfsvmb1

  • MD5

    c174a412be6f74c3323ae8d6d4737086

  • SHA1

    c703daa5df8c281206a8d85b582b8a1b729748f5

  • SHA256

    bb71b94948e6929047bde8df94c187fbb6f2cc0119a0c386f84b9ea144aabd67

  • SHA512

    9f2b95174fd1283964ea61e6dbe07c450ed0a01aad6b3852c43ef6811a92878f0f123dfbc1f88b2cf05479a94af098591bd579f3c3581521819f3b12d20dfa42

  • SSDEEP

    12288:iDGZKmormA1bzZN13qv776npUyBsIpxBFmgI2uSb+zKikGOfj8UvbjSM+LLWwvpf:gmor/1/Z877oS8sEx/PI//zKNzpbNQLt

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8179583980:AAG4cdQWaAviOBBhSs3OrT1OX6_IUptNQv8/sendMessage?chat_id=6070006284

Targets

    • Target

      Technonomic.exe

    • Size

      759KB

    • MD5

      c174a412be6f74c3323ae8d6d4737086

    • SHA1

      c703daa5df8c281206a8d85b582b8a1b729748f5

    • SHA256

      bb71b94948e6929047bde8df94c187fbb6f2cc0119a0c386f84b9ea144aabd67

    • SHA512

      9f2b95174fd1283964ea61e6dbe07c450ed0a01aad6b3852c43ef6811a92878f0f123dfbc1f88b2cf05479a94af098591bd579f3c3581521819f3b12d20dfa42

    • SSDEEP

      12288:iDGZKmormA1bzZN13qv776npUyBsIpxBFmgI2uSb+zKikGOfj8UvbjSM+LLWwvpf:gmor/1/Z877oS8sEx/PI//zKNzpbNQLt

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      1b0e41f60564cccccd71347d01a7c397

    • SHA1

      b1bddd97765e9c249ba239e9c95ab32368098e02

    • SHA256

      13ebc725f3f236e1914fe5288ad6413798ad99bef38bfe9c8c898181238e8a10

    • SHA512

      b6d7925cdff358992b2682cf1485227204ce3868c981c47778dd6da32057a595caa933d8242c8d7090b0c54110d45fa8f935a1b4eec1e318d89cc0e44b115785

    • SSDEEP

      96:s7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN838:UbGgGPzxeX6D8ZyGgmkN

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks