General

  • Target

    GD7656780000.bat.exe

  • Size

    628KB

  • Sample

    241118-lpyrzatelb

  • MD5

    1952368f897c22bc2f4ecf319f7ff331

  • SHA1

    b5ce26cd9b5086a1ed7c3a2ad160a52b74b0943d

  • SHA256

    c6755c9510ba4df19d3a59b8112844e667ac84aa30d629e414b5612df243ecfc

  • SHA512

    43d35629cebd5e2cc450d48d2f12bc4a51dee0d3800a7c43e5ed9641162dca87141f083a19888042ea61092ac07f58979d4764ce420fd28867a34918a5ea8168

  • SSDEEP

    12288:6Ov5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiCQ6qLB4A0L7LdNOkcw4:6q5TfcdHj4fmb6vkCkt4

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.
