General
-
Target
24092024_1427_23092024_Zaplata_09232024.jpg.img
-
Size
1.7MB
-
Sample
240924-rsjp4sscrf
-
MD5
422db1a43e10db467dbd721dfcb7bd59
-
SHA1
2502496bf3673ab7fb9f7d64d3379a492401dacd
-
SHA256
38678221a285358c0dbaa02b071fc050ddfb8a83390c149f82a84bcca53a0e6a
-
SHA512
20859db366b623222a3ca02d1f5543d97beb75c9ffc9774aeee3df1ca83d0b4335846224924429bdf34f6fb8872a7e0b47203440e5f5ebb9026925b2b5132d35
-
SSDEEP
24576:LRmJkcoQricOIQxiZY1iaCmbXD3rSW61YRoFsxjIHHO:IJZoQrbTFZY1iaCmbPSN0AsFP
Static task
static1
Behavioral task
behavioral1
Sample
Zaplata_09232024,jpg.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Zaplata_09232024,jpg.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: smtp
Host: mail.plastikgogic.rs
Port: 587
Username: [email protected]
Password: martINAMng22320in
Extracted
vipkeylogger
Targets
-
Target
Zaplata_09232024,jpg.exe
-
Size
1.1MB
-
MD5
d33cbd6b04b6a470020af5692afd1cfe
-
SHA1
e3cc1dd8d18fd0f9b8467efae93cf5031bf30742
-
SHA256
982c3260b68600ee0aff04207c411c5bd348cd6929c378b3d6845b64b338da47
-
SHA512
d6f17d037665b29288c38afb9b735a935270a53b267befcd4fc7cd077f1cdc588ed94c739ee53a9e704895a2926c6db99bf9b14f07e2d74a6b599ab95d53c99e
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaCmbXD3rSW61YRoFsxjIHHOl:7JZoQrbTFZY1iaCmbPSN0AsFPl
Score
10/10
-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# that resembles SnakeKeylogger, which was found in 2020.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-