General
Target: GD7656780000.bat.exe
Size: 628KB
Sample: 241118-lpyrzatelb
MD5: 1952368f897c22bc2f4ecf319f7ff331
SHA1: b5ce26cd9b5086a1ed7c3a2ad160a52b74b0943d
SHA256: c6755c9510ba4df19d3a59b8112844e667ac84aa30d629e414b5612df243ecfc
SHA512: 43d35629cebd5e2cc450d48d2f12bc4a51dee0d3800a7c43e5ed9641162dca87141f083a19888042ea61092ac07f58979d4764ce420fd28867a34918a5ea8168
SSDEEP: 12288:6Ov5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiCQ6qLB4A0L7LdNOkcw4:6q5TfcdHj4fmb6vkCkt4
Behavioral task: behavioral1
Sample: GD7656780000.bat.exe
Resource: win7-20240903-en

Malware Config
Extracted: vipkeylogger
https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857
Targets
Target: GD7656780000.bat.exe
Size: 628KB
MD5: 1952368f897c22bc2f4ecf319f7ff331
SHA1: b5ce26cd9b5086a1ed7c3a2ad160a52b74b0943d
SHA256: c6755c9510ba4df19d3a59b8112844e667ac84aa30d629e414b5612df243ecfc
SHA512: 43d35629cebd5e2cc450d48d2f12bc4a51dee0d3800a7c43e5ed9641162dca87141f083a19888042ea61092ac07f58979d4764ce420fd28867a34918a5ea8168
SSDEEP: 12288:6Ov5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiCQ6qLB4A0L7LdNOkcw4:6q5TfcdHj4fmb6vkCkt4

- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.
- VIPKeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext