vipkeylogger | b3dfc135ae9f16cdabbaa4a371f0ab7411a3ec9d2d77c8e34bd533e9cc1b835f | Triage

Sharing

General

Target

b3dfc135ae9f16cdabbaa4a371f0ab7411a3ec9d2d77c8e34bd533e9cc1b835f.zip
Size

635KB
Sample

241009-cnnqyaxdlb
MD5

e9ceef64a8a9d1b411592f0c82f954cd
SHA1

ad94d567b0a2fa5dfb625a76e5aad618ea793f33
SHA256

b3dfc135ae9f16cdabbaa4a371f0ab7411a3ec9d2d77c8e34bd533e9cc1b835f
SHA512

81ecdb0e5a908abf77d6462413e56b6e5a375f1fd3e6f199ede7669dc3109c1138af92142596bd0e50e05cce3f11fc4ea5e6fe0b5248d3cb09e10b39888481a3
SSDEEP

12288:cDkb24tOjHKHxvENIOisIcWmZFlJUWZv1E9iBOwpjdWJsJyEAuRwc+:HjOjuqNF0klJD38wp0KJvT+

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7447202022:AAGD0i86CLrQjVCFNJEDT_YnT4c6StGryyE/sendMessage?chat_id=7155582826

Targets

- Target
  
  PO-009 Compurent.exe
- Size
  
  658KB
- MD5
  
  339e40c9c69f587ecf57fb4f34df3da0
- SHA1
  
  fe477958b4a728dab031ecbd5ea0c6a9a985c467
- SHA256
  
  5e27cf81fa5bf72f66bdb2bba36e9bd04f231ea0c27327b7fbe71370a32c306b
- SHA512
  
  c33535028de2ad8c05db54f85f7184ea0805a97d30f6187993b8204c53d8885afd787503b714cbebb0ef787fc46352ae00ebf903742156f348088bc8b6dcade5
- SSDEEP
  
  12288:X17kvBCirdHKzxLEJIOjeaIc0mZ7DXiWbv5O9EBOw1jbWfOJyEqum6coTr4:X1ociZYiJ/sSDXzB8w122JYoTk
Score

10^/10

vipkeylogger collection discovery execution keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer