vipkeylogger | aba26439433b92c5cfa233cbfba67eea8defd2e5c0e3293bc8b46d1606d719d6 | Triage

Submit
Reports

Overview

overview

Static

static

5

PRODUCT_LIST.exe

windows7-x64

PRODUCT_LIST.exe

windows10-2004-x64

Sharing

General

Target

aba26439433b92c5cfa233cbfba67eea8defd2e5c0e3293bc8b46d1606d719d6
Size

935KB
Sample

240919-fpvsessbqc
MD5

0e87b2142bf024c7352ad21fb865e797
SHA1

e7d097b466e6d9c14cb263cfb68ae492a1563452
SHA256

aba26439433b92c5cfa233cbfba67eea8defd2e5c0e3293bc8b46d1606d719d6
SHA512

0d20d07fc4a6a8572dbe23b16d2b7010156e37208cb03999ca1d7985edef18918b160cf6c319e9212af05b6e6fcec467c62d003261dee0e7ba977ab4b00e936e
SSDEEP

24576:yt7Y8R39qYXC6ruznW4g7+BUVxoC4LXwEdlAiG+a0:yt7Y89qYXC6ruznW4fBUVxolAnl+1

Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PRODUCT_LIST.exe

Resource

win7-20240729-en

vipkeylogger collection credential_access discovery keylogger stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

PRODUCT_LIST.exe

Resource

win10v2004-20240802-en

vipkeylogger collection credential_access discovery keylogger stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
yUiavQX8
Email To:
[email protected]

C2

https://api.telegram.org/bot7247249543:AAEjQNxXUVZRm1ev9K9Jf_pcuz9vHQRkYyU/sendMessage?chat_id=403948698

Targets

- Target
  
  PRODUCT_LIST.exe
- Size
  
  1.3MB
- MD5
  
  a11afb56da05277abb60bd8150394e78
- SHA1
  
  512771c367a050b4e8baef3318d56731142cfdf5
- SHA256
  
  be61fe0450693928b2c2881e4e6540d17a317d50ddb1f1681a9774fb273bdcea
- SHA512
  
  1c34927333fc022a4aed64c4f6437c4748be8dd348675d129372c12c8ae7c2adae91d7f7047dd5a077d89b37bc90b7d85d70fe48b69edbe56ebef210fcea0ec5
- SSDEEP
  
  24576:pRmJkcoQricOIQxiZY1iaJy0UQh+B8V50smLXuOTx6Uaoar:mJZoQrbTFZY1iaJy0UlB8V50/eZpoo
Score

10^/10

vipkeylogger collection credential_access discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy