vipkeylogger | c15fa494087adbbd30421dc080254a74c29547cbc41caacf55d0004937929e78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c15fa494087adbbd30421dc080254a74c29547cbc41caacf55d0004937929e78.exe
Size

775KB
Sample

240903-c42yhavdkq
MD5

3856e307625dd017e2fab5d5513e1fd6
SHA1

ebfef65b6efa3e848719bb9e1c23aa1deb5f227f
SHA256

c15fa494087adbbd30421dc080254a74c29547cbc41caacf55d0004937929e78
SHA512

cf5e7c12535a9dc0ad8d86c532ec1873c3d19f01e3791ce6f4f05f6ded21ad8341da8e6917b1d4e5bef9029ec25bd107f8aa8b3531efb17d1267900b3f1c027c
SSDEEP

12288:nGZKzvEPBKYvI8hFUxu40EF6kutItR/3E65vY/nt9Aa1aJhIM6d7IaqNJKu0:IPOAFUE4FgkgAR/0sgt9A+uhH6CjNB0

Score

10^/10

vipkeylogger collection credential_access discovery evasion keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
JnynCnq2
Email To:
[email protected]

Targets

- Target
  
  c15fa494087adbbd30421dc080254a74c29547cbc41caacf55d0004937929e78.exe
- Size
  
  775KB
- MD5
  
  3856e307625dd017e2fab5d5513e1fd6
- SHA1
  
  ebfef65b6efa3e848719bb9e1c23aa1deb5f227f
- SHA256
  
  c15fa494087adbbd30421dc080254a74c29547cbc41caacf55d0004937929e78
- SHA512
  
  cf5e7c12535a9dc0ad8d86c532ec1873c3d19f01e3791ce6f4f05f6ded21ad8341da8e6917b1d4e5bef9029ec25bd107f8aa8b3531efb17d1267900b3f1c027c
- SSDEEP
  
  12288:nGZKzvEPBKYvI8hFUxu40EF6kutItR/3E65vY/nt9Aa1aJhIM6d7IaqNJKu0:IPOAFUE4FgkgAR/0sgt9A+uhH6CjNB0
Score

10^/10

vipkeylogger collection credential_access discovery evasion keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoveryevasionkeyloggerstealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoveryevasionkeyloggerstealer