vipkeylogger | e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc.exe
Size

2.3MB
Sample

241009-c2b93aveqm
MD5

1e9dc5041bf503cb63397e6a8f0bae9a
SHA1

9d21fe92ee433be3be4c09f8d242b4ad87d2158c
SHA256

e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc
SHA512

d377b79a8220426eafafac5a9e9faaf8dc556dbf0ac545e485ecee2d3bdab6100eee6416c104db8f6c847d5672f2cff92612ad989a8fcf36f147c357db100cbb
SSDEEP

24576:wLQ4ptMQJ/FlikzQjbrf5k+OhMAYg+BFe73DXiAeBHYGnUjkuxx/d//6e:w7lCbrRkHhMRTi3DXiAJeUndH

Score

10^/10

vipkeylogger collection discovery keylogger persistence stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.tonicables.top
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc.exe
- Size
  
  2.3MB
- MD5
  
  1e9dc5041bf503cb63397e6a8f0bae9a
- SHA1
  
  9d21fe92ee433be3be4c09f8d242b4ad87d2158c
- SHA256
  
  e918f19d7627b7fa623f669351f2e00e029fa71bf08082c527da5b88ec53b9dc
- SHA512
  
  d377b79a8220426eafafac5a9e9faaf8dc556dbf0ac545e485ecee2d3bdab6100eee6416c104db8f6c847d5672f2cff92612ad989a8fcf36f147c357db100cbb
- SSDEEP
  
  24576:wLQ4ptMQJ/FlikzQjbrf5k+OhMAYg+BFe73DXiAeBHYGnUjkuxx/d//6e:w7lCbrRkHhMRTi3DXiAJeUndH
Score

10^/10

discovery persistence vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

vipkeyloggercollectiondiscoverykeyloggerpersistencestealer