General
-
Target
TTR987654567000.bat
-
Size
1.1MB
-
Sample
240822-mwywzssgja
-
MD5
0eb2d9c9729de6350fa208cd9deda0c0
-
SHA1
5221a68480fc7872ac8f017ee99fa98b66e3cc87
-
SHA256
5b05fdf53cb47c6e86d4ccb039f4f9adc27d8f7ec8bd1e031e24c1d555a1c547
-
SHA512
bb82ed2a0d41651a23dd9715c5db987075449f13337def0bdf3f557ca0675bf5c1cd256e8c0982f8ba67ca1bef22596d044b7dfaecbd111e41b9f45f4f8cbd65
-
SSDEEP
12288:yP5RqRF6UxaKheNx0JDmygPiW4F0e+mfMlgbv:0ARF6Uxfe/01myUwfkCv
Static task
static1
Behavioral task
behavioral1
Sample
TTR987654567000.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
TTR987654567000.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857
Targets
-
-
Target
TTR987654567000.bat
-
Size
1.1MB
-
MD5
0eb2d9c9729de6350fa208cd9deda0c0
-
SHA1
5221a68480fc7872ac8f017ee99fa98b66e3cc87
-
SHA256
5b05fdf53cb47c6e86d4ccb039f4f9adc27d8f7ec8bd1e031e24c1d555a1c547
-
SHA512
bb82ed2a0d41651a23dd9715c5db987075449f13337def0bdf3f557ca0675bf5c1cd256e8c0982f8ba67ca1bef22596d044b7dfaecbd111e41b9f45f4f8cbd65
-
SSDEEP
12288:yP5RqRF6UxaKheNx0JDmygPiW4F0e+mfMlgbv:0ARF6Uxfe/01myUwfkCv
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-