General

  • Target

    DECEMBERPAYMENT.rar

  • Size

    492KB

  • Sample

    241209-stem8axjhj

  • MD5

    f351499172f5b333b4e4a2c266b29eea

  • SHA1

    da8b8b4aa66e42110946a947ca1bce0329a43c7b

  • SHA256

    6effcde29dbe8304a62aebe8bd88db01c18de6aa946523a48c4bce5aa6d5ec3d

  • SHA512

    aa4c6314de8b8330b962ce5b2fca07faa7d2e93d075a5700c6349b5863e222b893ea93177e6ba8a6ed2a9bcf2cf6f169b964eb949b9e63d2180e3dd37e9bc33e

  • SSDEEP

    12288:tv4kIuQ0QOmJpm9oxQuNrgrb1Mo4lXREH++p:tA0QXryrbyod

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.irco.com.sa
  • Port:
    587
  • Username:
    info@irco.com.sa
  • Password:
    info12A

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.irco.com.sa
  • Port:
    587
  • Username:
    info@irco.com.sa
  • Password:
    info12A
  • Email To:
    logs202323@yandex.com

Targets

    • Target

      PO.exe

    • Size

      976KB

    • MD5

      123b5ecd85676f192dfe4a0d6d3b9419

    • SHA1

      5a96e18cde4f369646c421c58dd7ce92c307862d

    • SHA256

      520e219c0f4f6198428644141cbbb479607aa8aafc613c1d7abdaca2b8254359

    • SHA512

      1f12089b4fb87b0bb0d92c2a7562616269c8fcb6c409f5de74bba4c5f06dc29d24cdcd32120bce7c3cb8978afa8f7ab2cb121e4900c6275b4abf8d27f3884987

    • SSDEEP

      24576:yu6J33O0c+JY5UZ+XC0kGso6Fa6J35NOWY:0u0c++OCvkGs9Fa67Y

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
