General

  • Target

    z30ProofofPaymentAttached.exe

  • Size

    1.0MB

  • Sample

    241118-sx2bdszemq

  • MD5

    a2c61107b1d0bd03a8133c81b02fe6d8

  • SHA1

    b27273c26424a5ab644440485196b506ed5e4ee7

  • SHA256

    f0e637afd17905703f31d1efa7b5c847687560311ecec72b7f84352b4e3c66fc

  • SHA512

    02dafffd91ebf5860535f1cd3d815a93bb2953d77e1e0d4f4507867f91dbde60bf993982f201de5b7e586bf94a50a7c466ee07dfa8cc3ae4305c921c3f41009d

  • SSDEEP

    24576:rtb20pkaCqT5TBWgNQ7aU3pfLv+GTnn25/6A:oVg5tQ7aU3Fpn2x5

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: mzgold.ir
  • Port: 587
  • Username: [email protected]
  • Password: ^Wg7~Wau!C8H

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      z30ProofofPaymentAttached.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks