General
-
Target
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe
-
Size
1.1MB
-
Sample
240820-vbnjhswhql
-
MD5
8ab89c59c8fda81159ae27eaf35dd684
-
SHA1
aaadcdafc21a5f2a4a22e679ec87125928e299bd
-
SHA256
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419
-
SHA512
9af7f0b9a3209f296bdec04ddbc41cc7ecd5ae4136e13e64ec1025d5acebbe04040f243cfd5098ce87acb58ac4e50d322d53a448a05fcfc3f293ae00967b2f41
-
SSDEEP
24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8azSFN:hTvC/MTQYxsWR7azSF
Static task
static1
Behavioral task
behavioral1
Sample
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857
Targets
-
-
Target
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419.exe
-
Size
1.1MB
-
MD5
8ab89c59c8fda81159ae27eaf35dd684
-
SHA1
aaadcdafc21a5f2a4a22e679ec87125928e299bd
-
SHA256
96b4dc68d491b25769c36f74ad0403c1e775cd4c02b7859941267f40d1834419
-
SHA512
9af7f0b9a3209f296bdec04ddbc41cc7ecd5ae4136e13e64ec1025d5acebbe04040f243cfd5098ce87acb58ac4e50d322d53a448a05fcfc3f293ae00967b2f41
-
SSDEEP
24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8azSFN:hTvC/MTQYxsWR7azSF
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-