General

  • Target

    INVOICES.bat.exe

  • Size

    77.0MB

  • Sample

    241207-vnqjmsxkbw

  • MD5

    7832c592d6a2e403b8323da6b238e789

  • SHA1

    1b0a4f33ed26e9284d3a93b7a119a895eb12c0f2

  • SHA256

    3e4a1645de56b2595ebd83686945f60b1fc4242d9dada664ca9ef9d6c3f8659f

  • SHA512

    aa38396cb18fb5c7cae17413f42b6d3ee15adc82dc5a02513bd430c27f774433186f781cada07d6709d93448404fbdae179cf018144fbf2bfff1405330cbeb09

  • SSDEEP

    24576:1u6J33O0c+JY5UZ+XC0kGso6Fac1HJWnny4sd09pWiszrWY:Xu0c++OCvkGs9FacdJ6VpWiXY

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      INVOICES.bat.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
