General
-
Target
z30ProofofPaymentAttached.exe
-
Size
1.0MB
-
Sample
241118-sx2bdszemq
-
MD5
a2c61107b1d0bd03a8133c81b02fe6d8
-
SHA1
b27273c26424a5ab644440485196b506ed5e4ee7
-
SHA256
f0e637afd17905703f31d1efa7b5c847687560311ecec72b7f84352b4e3c66fc
-
SHA512
02dafffd91ebf5860535f1cd3d815a93bb2953d77e1e0d4f4507867f91dbde60bf993982f201de5b7e586bf94a50a7c466ee07dfa8cc3ae4305c921c3f41009d
-
SSDEEP
24576:rtb20pkaCqT5TBWgNQ7aU3pfLv+GTnn25/6A:oVg5tQ7aU3Fpn2x5
Static task
static1
Behavioral task
behavioral1
Sample
z30ProofofPaymentAttached.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
z30ProofofPaymentAttached.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
mzgold.ir - Port:
587 - Username:
[email protected] - Password:
^Wg7~Wau!C8H
Extracted
vipkeylogger
Protocol: smtp- Host:
mzgold.ir - Port:
587 - Username:
[email protected] - Password:
^Wg7~Wau!C8H - Email To:
[email protected]
Targets
-
-
Target
z30ProofofPaymentAttached.exe
-
Size
1.0MB
-
MD5
a2c61107b1d0bd03a8133c81b02fe6d8
-
SHA1
b27273c26424a5ab644440485196b506ed5e4ee7
-
SHA256
f0e637afd17905703f31d1efa7b5c847687560311ecec72b7f84352b4e3c66fc
-
SHA512
02dafffd91ebf5860535f1cd3d815a93bb2953d77e1e0d4f4507867f91dbde60bf993982f201de5b7e586bf94a50a7c466ee07dfa8cc3ae4305c921c3f41009d
-
SSDEEP
24576:rtb20pkaCqT5TBWgNQ7aU3pfLv+GTnn25/6A:oVg5tQ7aU3Fpn2x5
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-