General
Target: 22102024_0316_LOI -New_order_2024.bat.rar
Size: 373B
Sample: 241022-dsl9cawblj
MD5: 909aefd39e5760e7a4c81d77897da6bf
SHA1: 384b7706f0e552c28a13da7803b1185030d690b9
SHA256: 81a8829ae97f2400d73545ec4909173f0c479add89ac97198e2783237132a94f
SHA512: 6592dacaa838c53715806ef36c6c250688fbf74aedd194a1c09b244232ed8bfdda5ff2e13d6ffff879b4a668dfe21eca6ae22e6989569e41c7021a7b23e0673a
Static task: static1
Behavioral task: behavioral1
Sample: LOI -New_order_2024.bat
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: LOI -New_order_2024.bat
Resource: win10v2004-20241007-en
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7585192593:AAFE-RkJZiA7gb0SuNTaCaZjBmSC7ArGOxk/sendMessage?chat_id=7469598136
Targets
Target: LOI -New_order_2024.bat
Size: 318B
MD5: 96e89ef9d071c5a6fe089b7a1c1d4777
SHA1: 5c0436fc7fa6607bb3d07b7bf5f69864bdba655b
SHA256: 53ba56fd066063d87352b27dc2e0d5bbb2385321e36e1e5018221a0cb780fc8c
SHA512: df773a906bcbb555af303e25b8f8aac02c00f2cc37da7e30327ff9f0049036c1efd059f22fcebe870bea80526907166bac8cb7ebefd1bfcdffd114f5823df4da
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext