vipkeylogger | 454fb17dd52c3f5242559256394ee1b429c0b70d894ac94ae14ab64ba40f7b4c | Triage

Sharing

General

Target

454fb17dd52c3f5242559256394ee1b429c0b70d894ac94ae14ab64ba40f7b4c
Size

661KB
Sample

240829-dpz12a1cna
MD5

e00acf9f47426adf08aca4758a4c847e
SHA1

94d8967ef34e3caf16cd7e85d86f902f2a320bdb
SHA256

454fb17dd52c3f5242559256394ee1b429c0b70d894ac94ae14ab64ba40f7b4c
SHA512

d7c69040e2703a056653ca922f170ee94a23db55e7323e96da0bed04c061e319ae12dc52cac07c020a1f818f7d2a60809728d449cc7cebbfe42516c42c480b91
SSDEEP

12288:cXlzDHsTKy+pPYWgw/ubB/SqDpGwChA2bc4Om6wbAdpfZ1Zw2crvExLm+r:mlzDHUl9w/ipCGVm6o2pR1arvEx9

Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.al-subai.com
Port:
587
Username:
[email protected]
Password:
information12
Email To:
[email protected]

C2

https://api.telegram.org/bot7236590670:AAEZk9ec6tcUIipI8D5VK8zyHeQjcafFyOY/sendMessage?chat_id=2052461776

Targets

- Target
  
  QTE070624.scr
- Size
  
  690KB
- MD5
  
  ef321f0fca2075c4f5157490e4c4d779
- SHA1
  
  ad662ef5ca396da788abefbe8efe773f2a4b9c0e
- SHA256
  
  b40673c42c88df884d3931e1c3c45a273ca2c205ce13efc989ad8d84aeaa78fa
- SHA512
  
  28bf8a2a39e254fc92fcaf8db563f3ca40912ef8aef7d3daf3ac853af4cf78a764812d7c4d621b865a1492adb0ad433a8f103fd5760e1d8967e48dc88bc54320
- SSDEEP
  
  12288:qVVAYO4Zn/f+p9jA3bHcBFxe58MVTTh/u+Ol61Rq3w:ceCn/4A3IBer5dVa0q
Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer