General

  • Target

    25012025_0225_23012025_PaymentAdvice-AdviceRefA22D4YdWsbE4.pdf.z

  • Size

    867KB

  • Sample

    250125-czrxqs1lfx

  • MD5

    4d923ca5f725d9b58b9ecd822f5e3cad

  • SHA1

    216e3e1806ee96ac742402d0cfd796848c5cdf94

  • SHA256

    b90b66659c0c9c2356fcaa39603b26d85468478eb9761a28d73458105b4d18ce

  • SHA512

    6b16c49fb663fffc561a1cd37b3ba70034640714514de1a7edc2ddf52fe957bc989db59c51b3a633e283c7448628348b5a4c8d896833659a56ae93d63dae13ea

  • SSDEEP

    12288:4sNx+QKbK8kIyYCedTnjjZ4UFe4WPVnhtE1V+AxozLjqeTeCm9ZZcrAxTl7QdlNp:4U+Q7KyXetJrsl9n7q+J/T/eDQdlNp

Malware Config

Extracted

Family

vipkeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    director@igakuin.com
  • Password:
    cash@com12345
  • Email To:
    director@igakuin.com

Targets

    • Target

      Payment Advice - Advice Ref[A22D4YdWsbE4].exe

    • Size

      1.2MB

    • MD5

      09c8438a2c2fa294c281cb2fc46b963c

    • SHA1

      5aa193733bcb444115799133aa589d819524597e

    • SHA256

      f6dea5d012caf182412ad12f185143c5e9d35a46c8ad183dbb7566570fccda41

    • SHA512

      d815af68e5c89b1bb89e58faf04d9ae2561d8adf0d22232cd906fc567a3aa65d47804f87e63495e04d3949a4a04e4516637022deb131af24f90c99d4edc34a34

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCsjX5QAGvNR+S/W0Jvd4qYW/A:7JZoQrbTFZY1iaCQXCZbFu0Jvd4qYl

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
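The extracted config above gives a defender concrete, host-independent indicators: the exfiltration path is SMTP to us2.smtp.mailhostbox.com on port 587, both MAIL FROM and RCPT TO are director@igakuin.com, and the report's behaviour list says the sample first resolves its external IP through a public lookup service before sending. The script below is an added example, not the sandbox's or the report's own tooling: it turns those indicators into single-event rules, runs them over a few constructed key=value telemetry lines (DNS, connection, SMTP, HTTP and file-hash events), and then correlates the weak "external IP lookup" signal with a subsequent SMTP hit on the same host within a short window, which is the chain the report describes. The list of IP-lookup hostnames is an assumption, since the report only says "a legitimate IP lookup service" without naming it.

```python
"""Detection pass for the VIPKeylogger sample described above.

Added example, not part of the sandbox report. IOCs are copied from the
report's "Malware Config" and "Targets" sections; the telemetry lines
are constructed for this demo; the IP-lookup hostnames are an assumption.
"""
import shlex
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- IOCs taken from the report ---
EXFIL_SMTP_HOST = "us2.smtp.mailhostbox.com"
EXFIL_SMTP_PORT = 587
EXFIL_MAILBOX = "director@igakuin.com"          # used as both sender and recipient
SAMPLE_SHA256 = {
    "b90b66659c0c9c2356fcaa39603b26d85468478eb9761a28d73458105b4d18ce",  # .z archive
    "f6dea5d012caf182412ad12f185143c5e9d35a46c8ad183dbb7566570fccda41",  # dropped .exe
}
# Assumption: the report does not name the lookup service, so we list common ones.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ifconfig.me", "icanhazip.com"}

# Constructed telemetry (one event per line, key=value, quotes for spaces).
SAMPLE_LOG = [
    'ts=2025-01-25T02:30:40Z host=WS-017 kind=file sha256=f6dea5d012caf182412ad12f185143c5e9d35a46c8ad183dbb7566570fccda41 name="Payment Advice - Advice Ref[A22D4YdWsbE4].exe"',
    "ts=2025-01-25T02:30:55Z host=WS-017 kind=http dst=api.ipify.org dport=80",
    "ts=2025-01-25T02:31:07Z host=WS-017 kind=dns query=us2.smtp.mailhostbox.com",
    "ts=2025-01-25T02:31:08Z host=WS-017 kind=conn dst=us2.smtp.mailhostbox.com dport=587 proto=tcp",
    "ts=2025-01-25T02:31:09Z host=WS-017 kind=smtp mailfrom=director@igakuin.com rcptto=director@igakuin.com",
    "ts=2025-01-25T02:45:00Z host=WS-022 kind=conn dst=smtp.office365.com dport=587 proto=tcp  # benign mail",
    "ts=2025-01-25T03:02:11Z host=WS-022 kind=dns query=checkip.dyndns.org  # lookup alone, no exfil",
]


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def parse_event(line):
    """Parse one key=value line (shell-style quoting, '#' comments) into a dict."""
    ev = {}
    for tok in shlex.split(line, comments=True):
        if "=" in tok:
            k, v = tok.split("=", 1)
            ev[k] = v
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def match_rules(ev):
    """Single-event rules derived from the extracted config and hashes."""
    kind, host = ev.get("kind"), ev.get("host", "?")
    dest = ev.get("dst") or ev.get("query")
    if kind in ("conn", "dns") and dest == EXFIL_SMTP_HOST:
        if kind == "dns" or ev.get("dport") == str(EXFIL_SMTP_PORT):
            yield Alert("vipkeylogger_exfil_smtp_host", host, f"{kind} to {dest}")
    if kind == "smtp" and EXFIL_MAILBOX in (ev.get("mailfrom"), ev.get("rcptto")):
        yield Alert("vipkeylogger_exfil_mailbox", host, f"rcpt {ev.get('rcptto')}")
    if kind == "file" and ev.get("sha256", "").lower() in SAMPLE_SHA256:
        yield Alert("vipkeylogger_known_hash", host, ev.get("name", "?"))
    if kind in ("http", "dns") and dest in IP_LOOKUP_HOSTS:
        # Weak on its own (plenty of legitimate software does this); see correlate().
        yield Alert("external_ip_lookup", host, f"{kind} to {dest}")


def correlate(events, window=timedelta(minutes=10)):
    """Hosts where an external-IP lookup is followed within `window` by SMTP exfil
    traffic, i.e. the behaviour chain the report lists for this sample."""
    per_host = {}
    for ev in events:
        for a in match_rules(ev):
            per_host.setdefault(a.host, []).append((ev["ts"], a.rule))
    chained = []
    for host, hits in per_host.items():
        lookups = [t for t, r in hits if r == "external_ip_lookup"]
        exfils = [t for t, r in hits if r.startswith("vipkeylogger_exfil")]
        if any(timedelta(0) <= e - l <= window for l in lookups for e in exfils):
            chained.append(host)
    return sorted(chained)


def scan(lines):
    """Return (single-event alerts, hosts matching the lookup->exfil chain)."""
    events = [parse_event(l) for l in lines if l.strip() and not l.lstrip().startswith("#")]
    alerts = [a for ev in events for a in match_rules(ev)]
    return alerts, correlate(events)


if __name__ == "__main__":
    alerts, chained = scan(SAMPLE_LOG)
    for a in alerts:
        print(f"{a.host:8} {a.rule:32} {a.detail}")
    print("hosts with lookup->exfil chain:", chained)
```

Run against the constructed lines, WS-017 fires all four rules and is the only host reported by the correlation; WS-022's mail to smtp.office365.com and its lone checkip.dyndns.org lookup produce at most the weak lookup alert and never the chain. In production, swap the hardcoded host and mailbox for the values of whichever VIPKeylogger config you extract, and keep the correlation window short: the sample's lookup and first SMTP connection are seconds apart.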

MITRE ATT&CK Enterprise v15

Tasks
