General

  • Target

    abc310a513d02735786554a683127b642cc1ea3394ae0041e04861d346518592

  • Size

    743KB

  • Sample

    241224-pww4haxmgz

  • MD5

    3e392fae4cae38570e584f88bfd0ee2f

  • SHA1

    0e8888c772a775bda245be93f933fa3a40012b57

  • SHA256

    abc310a513d02735786554a683127b642cc1ea3394ae0041e04861d346518592

  • SHA512

    0ed79b73ff090e009fb343ef62883736ca961a208be8e88656b26f70e4a8f66172ff53f7c9aab50b77bdc31340115167bcfaa90b6cadb65534d23099443f2ea7

  • SSDEEP

    12288:4+cSI3+fJtiIblugCIGiIlXtGkfTaPW+117cdkYIBOQLC7rDGUqQJrK+Cwy7PBe0:Q+igBpJIGkraPWCmIhLCDGUqUty7peYv

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8179583980:AAG4cdQWaAviOBBhSs3OrT1OX6_IUptNQv8/sendMessage?chat_id=6070006284

Targets

    • Target

      Printernummers.exe

    • Size

      770KB

    • MD5

      5e2ff1914fc1f8ebadf282f4096d6fc8

    • SHA1

      77d61bdf0ce63eed5324b56623b878fc3dc79890

    • SHA256

      f5f3c3a8c7f9f5fb9531fa0d57012ce0869b52b23d05e6c9b7a0220ac917db6d

    • SHA512

      e70121837b94ba002dc2093afcebed4ec1d3f90d46d1466fe66e4f0bd16a9426d58547946ef7f420c937017deb650c5705c7792f6047de68918f018b7ec4d916

    • SSDEEP

      12288:6DGZKmormA1FvvLR3x8rqDFXlo3KsAYzjDCwonXnWMIk2CyLuuOSFBPpJh/gpcXF:4mor/1t8uTooHNnXWMIdCkOqXPgKP9

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      1b0e41f60564cccccd71347d01a7c397

    • SHA1

      b1bddd97765e9c249ba239e9c95ab32368098e02

    • SHA256

      13ebc725f3f236e1914fe5288ad6413798ad99bef38bfe9c8c898181238e8a10

    • SHA512

      b6d7925cdff358992b2682cf1485227204ce3868c981c47778dd6da32057a595caa933d8242c8d7090b0c54110d45fa8f935a1b4eec1e318d89cc0e44b115785

    • SSDEEP

      96:s7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN838:UbGgGPzxeX6D8ZyGgmkN

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks