General
- Target: 24092024_1032_22092024_POI98765678000.doc.x.lz
- Size: 703KB
- Sample: 240924-mk4cbsvcnh
- MD5: 3130fd1187e0ba2aaf68328f9c345d02
- SHA1: 06bd553b01422508fcbedb3b06c51986b48ab8d7
- SHA256: 2e6fed58744ebe87823d694952059043451f868c4b7dbf77f40be701d5fc196b
- SHA512: 3b2cbe475a88be4faa3e6dbfb55dbca27f9956ae3dbec55c0b665520440753f4aa0436745b0c14281ac2455c9ce8dad7adbe7449d87ab18b83713ea0f6f7621d
- SSDEEP: 12288:ozibDj2/BNywbkGbKZe0+dN18avv1AoyANxRWteitBJmpKqRMSP3/1POv0jtRDX:oObDjCBYwb3KZcdTAo7Pme4DiKqRMSPR
Static task: static1
Behavioral task: behavioral1
- Sample: POI98765678000.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: POI98765678000.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: vipkeylogger
- https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857
Targets
- Target: POI98765678000.exe
- Size: 793KB
- MD5: a02df126a5c561196250dd3c90d0a0c3
- SHA1: ca785dd363f65458d665cccbc6df83c846162673
- SHA256: ffede3ac9d80782857a477bc5c6df65b31c193734ccfe5ab29bbfa3bc8649fea
- SHA512: 1103ec84e840e00fb8c648c677c20de3c5c8381671009166826009e307316d7fabef0f5a8511d5d07710e8ce2a942e083b050fcdfd2a42bb38f0c8e0ff1aedc5
- SSDEEP: 24576:etzxlaIGgVhChb+U7KgElt+MqRMKPRJAmo:etzxlaz/iT+xPRJS
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext