vipkeylogger | eaf84feb50c9fb9957f022597cccf2e343e04fbde288838e64c4fd6513301289 | Triage

Sharing

General

Target

New Order Inquiry Maiden Med Sept 2024 #287772.exe
Size

769KB
Sample

240905-pdqtrszhjk
MD5

c647aab9bb0c4b04a5d15c5d5b4ca4ee
SHA1

b94ba0911d7f3addbd1a262de11df13096bb51c4
SHA256

eaf84feb50c9fb9957f022597cccf2e343e04fbde288838e64c4fd6513301289
SHA512

c0179b98f3b2e40d698a4c408068308c312e026eb5d1f590b0120cb7368761c7a2a2195fb72d252c3d9bc4d41d9ddf9aa717dd3299b191038118a525f102ae1d
SSDEEP

12288:unU1UoIG5MPUwBZiAhmug2hF3evSXAF1i1GbnPg82bTGEkJ42qWQ2gi7nWI58wXY:zUobyZdhF3eyAXbUGhkynztlXJbga

Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7204444211:AAHhCv47hRiqEWkkF-hzrMRRq69HpYbFD5Y/sendMessage?chat_id=2065242915

Targets

- Target
  
  New Order Inquiry Maiden Med Sept 2024 #287772.exe
- Size
  
  769KB
- MD5
  
  c647aab9bb0c4b04a5d15c5d5b4ca4ee
- SHA1
  
  b94ba0911d7f3addbd1a262de11df13096bb51c4
- SHA256
  
  eaf84feb50c9fb9957f022597cccf2e343e04fbde288838e64c4fd6513301289
- SHA512
  
  c0179b98f3b2e40d698a4c408068308c312e026eb5d1f590b0120cb7368761c7a2a2195fb72d252c3d9bc4d41d9ddf9aa717dd3299b191038118a525f102ae1d
- SSDEEP
  
  12288:unU1UoIG5MPUwBZiAhmug2hF3evSXAF1i1GbnPg82bTGEkJ42qWQ2gi7nWI58wXY:zUobyZdhF3eyAXbUGhkynztlXJbga
Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer