General
Target: 4.cmd
Size: 100KB
Sample: 240902-n7hjtazbrn
MD5: 79c3e5cfb163bb9cb823166c2aaa9319
SHA1: 35cf68835c7e4c6fc1eb0563cbd370662e4805af
SHA256: 7e57c895fdd03bbb056c24ee015c8fb1413f9e95cd56dc869aa1c6ddead59307
SHA512: 62f5139537fd26016d9dea5080ab4439bc2181d205f5d852bf0b71a130c15b7f6029ee4840bfc7b766afc766dfaff6f18e2dda14533e6c1a2e2c44348ec63ff6
SSDEEP: 3072:xieiqqIZ+UFkTwpZQIC9MkxfoXumJlAfkO14v:weilyX8wpZ5CKkiXtG14v
Static task: static1
Behavioral task: behavioral1
  Sample: 4.cmd
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 4.cmd
  Resource: win10v2004-20240802-en
Malware Config
Extracted family: vipkeylogger
Extracted C2 (Telegram exfiltration endpoint): https://api.telegram.org/bot6771753441:AAEtW-sv17Uhb9H07XMq_7Iqh1LR5PcwQJ0/sendMessage?chat_id=1928664850
Targets
Target: 4.cmd (100KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Signatures

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.