vipkeylogger | ff017337f84265180a1093945eefef2df5481f1eef0e2e1012cd371c9811b330 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

PaymentUSD...00.exe

windows7-x64

PaymentUSD...00.exe

windows10-2004-x64

Sharing

General

Target

PaymentUSD305000A98E8090KDHKS3300.exe
Size

2.1MB
Sample

240903-xcaedsvdng
MD5

894a56d157fc739991e210da5b4bc822
SHA1

50e8444b4f45b60e675c8fefd4396bc9c5416262
SHA256

ff017337f84265180a1093945eefef2df5481f1eef0e2e1012cd371c9811b330
SHA512

984de1f8b54b65ab67d74fed3549704a317cc87ad1afbd4bb1f07a2cb900c08143f54f103c29f6b71c972ff2e1bd2cd302112ded0931e641c70b0322713bf48c
SSDEEP

49152:9uAEE6l/kZzz3uBytwA6cYAyhEvFJ4W1edTQW2zE/:suzsnEo

Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PaymentUSD305000A98E8090KDHKS3300.exe

Resource

win7-20240903-en

vipkeylogger collection credential_access discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

PaymentUSD305000A98E8090KDHKS3300.exe

Resource

win10v2004-20240802-en

vipkeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.cybertechllc.top
Port:
587
Username:
[email protected]
Password:
7213575aceACE@
Email To:
[email protected]

Targets

- Target
  
  PaymentUSD305000A98E8090KDHKS3300.exe
- Size
  
  2.1MB
- MD5
  
  894a56d157fc739991e210da5b4bc822
- SHA1
  
  50e8444b4f45b60e675c8fefd4396bc9c5416262
- SHA256
  
  ff017337f84265180a1093945eefef2df5481f1eef0e2e1012cd371c9811b330
- SHA512
  
  984de1f8b54b65ab67d74fed3549704a317cc87ad1afbd4bb1f07a2cb900c08143f54f103c29f6b71c972ff2e1bd2cd302112ded0931e641c70b0322713bf48c
- SSDEEP
  
  49152:9uAEE6l/kZzz3uBytwA6cYAyhEvFJ4W1edTQW2zE/:suzsnEo
Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy