General

  • Target

    22102024_0316_LOI -New_order_2024.bat.rar

  • Size

    373B

  • Sample

    241022-dsl9cawblj

  • MD5

    909aefd39e5760e7a4c81d77897da6bf

  • SHA1

    384b7706f0e552c28a13da7803b1185030d690b9

  • SHA256

    81a8829ae97f2400d73545ec4909173f0c479add89ac97198e2783237132a94f

  • SHA512

    6592dacaa838c53715806ef36c6c250688fbf74aedd194a1c09b244232ed8bfdda5ff2e13d6ffff879b4a668dfe21eca6ae22e6989569e41c7021a7b23e0673a

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7585192593:AAFE-RkJZiA7gb0SuNTaCaZjBmSC7ArGOxk/sendMessage?chat_id=7469598136
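The extracted C2 is a Telegram Bot API endpoint: the path carries the bot account's numeric ID and its secret token (`bot<id>:<secret>`), `sendMessage` is the API method that posts a message into a chat, and `chat_id` names the operator's channel. Because the credential is embedded in the URL, every outbound request to this host is a usable IOC. The following is an added example, not part of the report, that pulls those fields out of a URL and scans constructed proxy log lines (the timestamps, client IPs and benign URLs are invented for illustration; only the Telegram URL comes from the report above):

```python
import re
from urllib.parse import urlsplit, parse_qs

# Telegram Bot API URLs have the shape
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>?<params>
# The digits before the colon identify the bot account, the string after it
# is the credential the malware ships with, and chat_id selects the
# destination chat. A request with no method after the token is not a
# complete API call and is deliberately not matched.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_bot_url(url):
    """Return bot_id, secret, method and chat_id for a Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.netloc.lower() != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    qs = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "secret": m["secret"],
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


# Constructed proxy log lines (format: timestamp client verb url status).
# Line 1 is the C2 URL from the report; the rest is benign or incomplete
# traffic that must not be flagged.
SAMPLE_LOG = """\
2024-10-22T03:16:05Z 10.0.0.15 GET https://api.telegram.org/bot7585192593:AAFE-RkJZiA7gb0SuNTaCaZjBmSC7ArGOxk/sendMessage?chat_id=7469598136 200
2024-10-22T03:16:06Z 10.0.0.15 GET https://api.ipify.org/ 200
2024-10-22T03:16:07Z 10.0.0.22 GET https://www.example.com/index.html 200
2024-10-22T03:16:08Z 10.0.0.22 GET https://api.telegram.org/bot123:abc 404
"""


def scan_log(text):
    """Return one hit per log line whose URL is a Telegram Bot API call."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, _verb, url = fields[:4]
        info = parse_telegram_bot_url(url)
        if info is not None:
            hits.append({"ts": ts, "src": src, **info})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} bot={hit['bot_id']} "
              f"method={hit['method']} chat_id={hit['chat_id']}")
```

The bot ID and chat ID are the stable pieces to pivot on when hunting across other samples: the secret can be rotated by the operator, but the numeric identifiers usually persist.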

Targets

    • Target

      LOI -New_order_2024.bat

    • Size

      318B

    • MD5

      96e89ef9d071c5a6fe089b7a1c1d4777

    • SHA1

      5c0436fc7fa6607bb3d07b7bf5f69864bdba655b

    • SHA256

      53ba56fd066063d87352b27dc2e0d5bbb2385321e36e1e5018221a0cb780fc8c

    • SHA512

      df773a906bcbb555af303e25b8f8aac02c00f2cc37da7e30327ff9f0049036c1efd059f22fcebe870bea80526907166bac8cb7ebefd1bfcdffd114f5823df4da

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks