General

  • Target

    24092024_1427_23092024_Zaplata_09232024.jpg.img

  • Size

    1.7MB

  • Sample

    240924-rsjp4sscrf

  • MD5

    422db1a43e10db467dbd721dfcb7bd59

  • SHA1

    2502496bf3673ab7fb9f7d64d3379a492401dacd

  • SHA256

    38678221a285358c0dbaa02b071fc050ddfb8a83390c149f82a84bcca53a0e6a

  • SHA512

    20859db366b623222a3ca02d1f5543d97beb75c9ffc9774aeee3df1ca83d0b4335846224924429bdf34f6fb8872a7e0b47203440e5f5ebb9026925b2b5132d35

  • SSDEEP

    24576:LRmJkcoQricOIQxiZY1iaCmbXD3rSW61YRoFsxjIHHO:IJZoQrbTFZY1iaCmbPSN0AsFP

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.plastikgogic.rs
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    martINAMng22320in

Extracted

Family

vipkeylogger

Targets

    • Target

      Zaplata_09232024,jpg.exe

    • Size

      1.1MB

    • MD5

      d33cbd6b04b6a470020af5692afd1cfe

    • SHA1

      e3cc1dd8d18fd0f9b8467efae93cf5031bf30742

    • SHA256

      982c3260b68600ee0aff04207c411c5bd348cd6929c378b3d6845b64b338da47

    • SHA512

      d6f17d037665b29288c38afb9b735a935270a53b267befcd4fc7cd077f1cdc588ed94c739ee53a9e704895a2926c6db99bf9b14f07e2d74a6b599ab95d53c99e

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCmbXD3rSW61YRoFsxjIHHOl:7JZoQrbTFZY1iaCmbPSN0AsFPl

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
