General

  • Target: 4e29dc3913c1912676aa3b4c98230a94cbd31748a57f03739af0a0ea99e72460
  • Size: 627KB
  • Sample: 240924-tqez9awcqf
  • MD5: 8f369ce19589a281d55971ed9766fade
  • SHA1: ed3c560539f8871b61fc675a0001663f939d5ee7
  • SHA256: 4e29dc3913c1912676aa3b4c98230a94cbd31748a57f03739af0a0ea99e72460
  • SHA512: dbc459dcd39a9d88faf696a005e23002abc7bc6c3ad7b01d511b6ffa8667739905af193e45d0f3c3faef0367009fd6b0a32f3d7d300453f0d5de1801104f7f28
  • SSDEEP: 12288:6j/vmKhz/riPY0zXhp5gfKo7sdNT1LCXVbeyLp/7YcrVgsDf/nFUezc:yGKhz/uPYyXhp5gSmwLqbeyLV7rxTDfy

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: ftp.fastestpay.digital
  • Port: 21
  • Username: [email protected]
  • Password: 1Qj;XlmD!Lrj

Extracted

Family

vipkeylogger

Targets

    • Target: hesaphareketi-01_pdf.exe
    • Size: 1.7MB
    • MD5: 33e557f83de6a10689f72c1458aeb204
    • SHA1: a6dcf0ec4366f0c30d483645ca56779f4bbb38b7
    • SHA256: 0ed875098cbedf59446d18e8142a89505517b48e69d94f91a3266a3e395d5629
    • SHA512: 1ce65fceb3570e10c29cdc5be23bbc200d63e709669698ec9b8675825820fc0c195103a5c6a2085fcc733954fccc6e5d60367fe1924e404e710f60a112e9da07
    • SSDEEP: 24576:cuKhF/OzckXTD5USeGLwbmyLJ7nJTDf/LzU:cuK+ckxb89J7nJTbLA

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks