vipkeylogger | cb0ce49811fc7dfa01b165bb3c7721c6f2e4148951e136e4ce3cfea6e877ff4d | Triage

Sharing

General

Target

2.exe
Size

92KB
Sample

240821-lx3qwssapa
MD5

252ea5ee65a29abdc7bd0143f48aeba0
SHA1

16d2e6ec8a3e851adf1c7d6f6150b4d8aa002b85
SHA256

cb0ce49811fc7dfa01b165bb3c7721c6f2e4148951e136e4ce3cfea6e877ff4d
SHA512

3fa8586a53d8f042a5c46d019050bfe7e0143d08b95aba290caeddd61e91f6eacd523ff2371ed3199286893acb3f6e8d624e9afef9e757b536eb450b685b82ef
SSDEEP

768:QZRe2ORdHV9tncGm4Z9MShLxbQFQhlJHTR91Ne8fuxyziKEUYdbVUGGTlB:QvodH9n/bMSh5JlZTV0fNKE/eGGRB

Score

10^/10

vipkeylogger collection credential_access discovery keylogger persistence stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
novaoil.top
Port:
587
Username:
[email protected]
Password:
7213575aceACE@
Email To:
[email protected]

Targets

- Target
  
  2.exe
- Size
  
  92KB
- MD5
  
  252ea5ee65a29abdc7bd0143f48aeba0
- SHA1
  
  16d2e6ec8a3e851adf1c7d6f6150b4d8aa002b85
- SHA256
  
  cb0ce49811fc7dfa01b165bb3c7721c6f2e4148951e136e4ce3cfea6e877ff4d
- SHA512
  
  3fa8586a53d8f042a5c46d019050bfe7e0143d08b95aba290caeddd61e91f6eacd523ff2371ed3199286893acb3f6e8d624e9afef9e757b536eb450b685b82ef
- SSDEEP
  
  768:QZRe2ORdHV9tncGm4Z9MShLxbQFQhlJHTR91Ne8fuxyziKEUYdbVUGGTlB:QvodH9n/bMSh5JlZTV0fNKE/eGGRB
Score

10^/10

discovery persistence vipkeylogger collection credential_access keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerpersistencestealer