vipkeylogger

General

Target

1e507febdd48a2bf2429c8011bd5cbc5c7b018207bdaec87665b8b51fa13d904.exe
Size

870KB
Sample

241023-bg4yxatckh
MD5

a1e239c4d5116e289ce0597a92844ede
SHA1

4562d452ccc32512291c3165a0b9b3c076b28094
SHA256

1e507febdd48a2bf2429c8011bd5cbc5c7b018207bdaec87665b8b51fa13d904
SHA512

500ddcdc2f1e3ca0da0a43006b99c6e78697433fc0757d25ddff94190dd2d725799faf267efdfacdef758e9024591368454f14025662cc6a1309bce7863494d2
SSDEEP

24576:/75JHVcDo1hTW+VeQ9Ke+alCJmvulW6Nd0vd:jDHVUW/VrKe+m7mwMAd

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
pW@4G()=#2

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
pW@4G()=#2
Email To:
[email protected]

Targets

- Target
  
  1e507febdd48a2bf2429c8011bd5cbc5c7b018207bdaec87665b8b51fa13d904.exe
- Size
  
  870KB
- MD5
  
  a1e239c4d5116e289ce0597a92844ede
- SHA1
  
  4562d452ccc32512291c3165a0b9b3c076b28094
- SHA256
  
  1e507febdd48a2bf2429c8011bd5cbc5c7b018207bdaec87665b8b51fa13d904
- SHA512
  
  500ddcdc2f1e3ca0da0a43006b99c6e78697433fc0757d25ddff94190dd2d725799faf267efdfacdef758e9024591368454f14025662cc6a1309bce7863494d2
- SSDEEP
  
  24576:/75JHVcDo1hTW+VeQ9Ke+alCJmvulW6Nd0vd:jDHVUW/VrKe+m7mwMAd
Score

10^/10

discovery execution vipkeylogger collection keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Levitator/Exungulate.Spe205
- Size
  
  54KB
- MD5
  
  0d2ce39822e9236a380f4d1d53550e93
- SHA1
  
  8381b0e62708112dbfbed036650bf0667ec4476b
- SHA256
  
  ed34db2a55a35c90b524d2448353eb73d28da7d7ff401477165c226ff25de9af
- SHA512
  
  f365bb861db3fc6d29736b3f8c0377bb4f8318fff94bc96033ae208760082b529b8aea4cf79de9efa3608c79ac91fe57e19f26959831f621bba8816e1013afc3
- SSDEEP
  
  1536:L3ZsYDoSFyAkhotYr3XpNhdrWlR7uDZy4k:DiYMSFyVoANpy4k
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4