General
- Target: ZiraatBankasiSwiftMesaji_20241003_3999382.exe
- Size: 824KB
- Sample: 241003-tt6mdayaqg
- MD5: 0d8db6d33d9a5f2ca6435252ff4d65a9
- SHA1: 6b87387e8aa893e853fa492a1026908b0953c1f7
- SHA256: b9f4537fa4b470f09cc62c1c706004604498c9405e638712eb4f2ea6a6b1876d
- SHA512: 9befbefa1a6f568e590973a1097b23dde5539de8bf02f9898dbea19ab11f6db4ef9d79755e10259ae4ea302373b036a3ca87d40412ecaf7764f761a1b1cd5275
- SSDEEP: 12288:Ac2F0mJ9ri/HRUqof0Sn9RdTvdl2yOLNJVe7OW7Otx5pFU7N5:D2F0JUj0g9PDd1O5Ootx5M7N
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ZiraatBankasiSwiftMesaji_20241003_3999382.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: ZiraatBankasiSwiftMesaji_20241003_3999382.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- Protocol: ftp
- Host: quicklyserv.com
- Port: 21
- Username: [email protected]
- Password: omobolajijonze12345
Extracted
- vipkeylogger
Targets
- Target: ZiraatBankasiSwiftMesaji_20241003_3999382.exe (size and hashes as listed under General above)
- VIPKeylogger: VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)