vipkeylogger | a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

SC_TR116709004.exe

windows7-x64

SC_TR116709004.exe

windows10-2004-x64

Sharing

General

Target

a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81.ace
Size

750KB
Sample

240822-j6gtnszeln
MD5

64f7032c5d17b6757bc1e3b688c10209
SHA1

457221e5c56a3e23db645c0158cd59e1e8cc9937
SHA256

a8cbed164ea439d5fea8324de4c0bace2cffd671d845bf301730ab99b57afb81
SHA512

7bba58515bead402d8c2520ddd17bc8e19f45c49e08c64701595e6e6517bb96364af94c41e5db7357adf0b97fd64cfdae0bdc7a6c0bd9dad0b9593e373b4b909
SSDEEP

12288:hZmlJzEhl413zvuPMSpyuR8LNf2G3FlxTBWbKifdCqth4BwHUHsMtxZPdkcFb2JQ:7mnoA1zvu0Sp9RqYG3xTQCuhYcUHpZPn

Score

10^/10

vipkeylogger collection credential_access discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SC_TR116709004.exe

Resource

win7-20240705-en

vipkeylogger collection credential_access discovery keylogger spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

SC_TR116709004.exe

Resource

win10v2004-20240802-en

vipkeylogger collection credential_access discovery keylogger spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.afaqtowaiq.com
Port:
587
Username:
[email protected]
Password:
Aa77882009@
Email To:
[email protected]

Targets

- Target
  
  SC_TR116709004.exe
- Size
  
  858KB
- MD5
  
  955ef5d0b9b9dca9ee8f7c7b31e3ffc8
- SHA1
  
  a34198c2c2f45aeb6b328ad0b3eabfed31567659
- SHA256
  
  8a2bb551ab8c8dda94f89421cb885546f6507ec2ffd24084376a2b4992378d59
- SHA512
  
  0c1dc44214efc6ea558b3421750b5e3c79b40b72bd65e9353ed7d3067451903721c180d997282428570412f9e35956faf28ea7a30e923c8a1c0bc95a74972938
- SSDEEP
  
  12288:yCQuNPaRtCQjl6dJuL/1470hhoxCaqShlOPn0aZwyT86QySfz10YsXOB:1NDsYdJuL/i70h+Caqi8Zkjyyz1sOB
Score

10^/10

vipkeylogger collection credential_access discovery keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy