General

  • Target

    rl_39581dce09ab253bc211c233a19fa8fd993f9aa0b04da21d5a9798abe34b9f77

  • Size

    1.1MB

  • Sample

    250701-jn857sdp2v

  • MD5

    9e13a91027aad0b72286c035e03c9bee

  • SHA1

    5608cc65418cbaa79486271e70efe86bf3f89f2a

  • SHA256

    39581dce09ab253bc211c233a19fa8fd993f9aa0b04da21d5a9798abe34b9f77

  • SHA512

    5aad7e3b3432c6a9e5b47544d955c37871495dead45ad46d8e632d87ac8e0f937040d47a0adcc02c81055f563a701b94384eba55f32710f35eb0257417f3e2e3

  • SSDEEP

    24576:0uE0Vsb8Imfh1hGryBtXZ6/YJhGryBtXZ6/Y:HPVC8phD9KAn9KA

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7604002007:AAFT10a4un5YxTEh_lnASAJ8zp5sfBvBmxY/sendMessage?chat_id=7942936945
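The extracted C2 is a Telegram Bot API endpoint: the path carries the bot token (`<numeric bot id>:<secret>`) and the query string the destination `chat_id`, so the configuration gives a hunting team three atomic indicators at once. The following Python is an added example, not code from the original report or from any sandbox vendor: it parses such a URL into its parts and uses the result to tag HTTP-proxy log lines. The proxy log lines and the watchlist of external-IP lookup hosts are constructed or assumed for the example (the report does not name the lookup service the sample used); only the C2 URL itself comes from the report.

```python
"""Added example (not part of the original report): parse a Telegram Bot API C2 URL
into bot_id / token / chat_id and use it to triage proxy log lines.  The log lines
and the IP-lookup watchlist are constructed/assumed; only C2_URL is from the report.
"""
import re
from urllib.parse import urlsplit, parse_qs

C2_URL = ("https://api.telegram.org/bot7604002007:AAFT10a4un5YxTEh_lnASAJ8zp5sfBvBmxY"
          "/sendMessage?chat_id=7942936945")

# Bot API path shape: /bot<numeric id>:<35-char secret>/<method>
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)$")

# Assumed watchlist of external-IP lookup services; the report does not say which one was hit.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "checkip.amazonaws.com", "ip-api.com"}


def parse_telegram_c2(url):
    """Return bot_id, token, method and chat_id for a Telegram Bot API URL, else None."""
    p = urlsplit(url)
    # Exact host match: look-alike hosts such as api.telegram.org.evil.example must not pass.
    if p.scheme not in ("http", "https") or p.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(p.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": parse_qs(p.query).get("chat_id", [None])[0],
    }


def triage_proxy_log(lines, known_c2=C2_URL):
    """Tag each source IP seen in '<ts> <src> <method> <url>' proxy lines.

    Tags: 'known_c2' (bot token equals the extracted config), 'telegram_bot_api'
    (any other bot token; bot traffic from a workstation is rare enough to review),
    'ip_lookup' (watchlist host).  Returns {src_ip: set(tags)}.
    """
    known = parse_telegram_c2(known_c2)
    tags = {}
    for line in lines:
        _ts, src, _method, url = line.split(" ", 3)
        bot = parse_telegram_c2(url)
        if bot:
            tag = "known_c2" if known and bot["token"] == known["token"] else "telegram_bot_api"
        elif urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            tag = "ip_lookup"
        else:
            continue
        tags.setdefault(src, set()).add(tag)
    return tags


def likely_infected(tags):
    """Sources that show the report's chain: external-IP lookup plus Telegram bot traffic."""
    return sorted(src for src, t in tags.items()
                  if "ip_lookup" in t and t & {"known_c2", "telegram_bot_api"})


# Constructed sample proxy lines; 10.0.0.7 reproduces the behaviour chain from the report.
SAMPLE_LOG = [
    "2025-07-01T10:00:01Z 10.0.0.5 GET https://www.example.com/",
    "2025-07-01T10:00:12Z 10.0.0.7 GET http://api.ipify.org/",
    "2025-07-01T10:00:15Z 10.0.0.7 POST " + C2_URL,
    "2025-07-01T10:03:00Z 10.0.0.9 GET https://api.telegram.org/bot1234567890:" + "A" * 35 + "/getMe",
    "2025-07-01T10:04:00Z 10.0.0.9 GET https://api.telegram.org.evil.example/bot1/sendMessage",
]

if __name__ == "__main__":
    cfg = parse_telegram_c2(C2_URL)
    print("bot_id:", cfg["bot_id"], "chat_id:", cfg["chat_id"], "method:", cfg["method"])
    tags = triage_proxy_log(SAMPLE_LOG)
    for src, t in sorted(tags.items()):
        print(src, sorted(t))
    print("likely infected:", likely_infected(tags))
```

Matching on the full token rather than on the host alone matters in practice: legitimate Telegram bots do exist on corporate networks, so the host alone is a review signal, while the token from the extracted configuration is a confirmed indicator for this sample. Revoking the token is something only Telegram or the bot owner can do; the defensive action is to block or alert on it at the proxy.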

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
