General

  • Target

    SecuriteInfo.com.Script.SNH-gen.21168.29001.exe

  • Size

    1.1MB

  • Sample

    250630-xc1lkstqx6

  • MD5

    eb6875efb11a6b7a63b00c59e40a1bf3

  • SHA1

    4d9b9665d1126c0ae6ca1b333824c43c0c7abb3f

  • SHA256

    8007c31e19a9fc2f69d1ddaa299b022585e29162810810078d08144d39f11e65

  • SHA512

    e8742de4d7ac1c18885dd4788111916426fe5038327c27a019294b84b020ff1b9c093e7dbf524f537e0bac3ebcdaa7c02343cd7d949eb2dd98765819177ffe5d

  • SSDEEP

    24576:W5EmXFtKaL4/oFe5T9yyXYfP1ijXdap4rokrR0JO8:WPVt/LZeJbInQRap/L

Malware Config

Extracted

Family

vipkeylogger

Credentials
C2

https://api.telegram.org/bot8099843793:AAGeYKMLti1IpyT9o6bz7OtgdXF9md25uXA/sendMessage?chat_id=6337180137

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16
