General
-
Target
Inquiry HA-22-28199 22-077.vbs
-
Size
12KB
-
Sample
241110-g4wtps1epr
-
MD5
605abed3e1d7266ea35c8517b5961010
-
SHA1
4c35a1a9e7385b8216812f3c6ff73b23b1710d18
-
SHA256
394ce0420dc3786db150a630ceb90bac466bf4a3c3f1f792441fed6fb0b6dc34
-
SHA512
15ff74ef09974c51a36cd4197c45c3391dd76317c2d278a34c9df5adf3cbee41f6fc9cf25450d73f3e6f4e63f00c0e65d874f6b572421bf49611544d11467bbc
-
SSDEEP
192:bWyKzktunJRUyKzktJDlvgia0GONzU09iT0yFnVk03u3A/WeFW9tWHaFi:Cy44unfUy44dPlzNiKeFsin
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry HA-22-28199 22-077.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Inquiry HA-22-28199 22-077.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
Extracted
vipkeylogger
Targets
-
-
Target
Inquiry HA-22-28199 22-077.vbs
-
Size
12KB
-
MD5
605abed3e1d7266ea35c8517b5961010
-
SHA1
4c35a1a9e7385b8216812f3c6ff73b23b1710d18
-
SHA256
394ce0420dc3786db150a630ceb90bac466bf4a3c3f1f792441fed6fb0b6dc34
-
SHA512
15ff74ef09974c51a36cd4197c45c3391dd76317c2d278a34c9df5adf3cbee41f6fc9cf25450d73f3e6f4e63f00c0e65d874f6b572421bf49611544d11467bbc
-
SSDEEP
192:bWyKzktunJRUyKzktJDlvgia0GONzU09iT0yFnVk03u3A/WeFW9tWHaFi:Cy44unfUy44dPlzNiKeFsin
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-