vipkeylogger | d2320e5704e90bc713c59a0521bacf04ca5751c2481e1dd4e3a95494981d867c | Triage

Sharing

General

Target

REVISED INVOICE.exe
Size

983KB
Sample

241024-lxdrrssala
MD5

8274b1a41b53bf35e0b4330a20010d4c
SHA1

0b263f01dd3e10389cd4fe6575d114ea301ee874
SHA256

d2320e5704e90bc713c59a0521bacf04ca5751c2481e1dd4e3a95494981d867c
SHA512

727ed4fe93c9f0da19df61b81d3f92a9ddc9b6680b2ac841e1ed3ed37bbbe7ecc4a628dfddf31429d2fb5034edd6bc7f742a84f6e76fe7f7401dcd98ea3ec644
SSDEEP

12288:KBu+je2mGYUNpeqzfAOKUXWkP/8KYfNrnEoYhJLAMhuwIm/toWyqTnoXnPolxsq8:D+63cWqv3nANr8xAGuwIm/yWiopvC9wG

Score

10^/10

vipkeylogger discovery execution keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
smtp.ionos.fr
Port:
587
Username:
[email protected]
Password:
Jc.2o3o@
Email To:
[email protected]

Targets

- Target
  
  REVISED INVOICE.exe
- Size
  
  983KB
- MD5
  
  8274b1a41b53bf35e0b4330a20010d4c
- SHA1
  
  0b263f01dd3e10389cd4fe6575d114ea301ee874
- SHA256
  
  d2320e5704e90bc713c59a0521bacf04ca5751c2481e1dd4e3a95494981d867c
- SHA512
  
  727ed4fe93c9f0da19df61b81d3f92a9ddc9b6680b2ac841e1ed3ed37bbbe7ecc4a628dfddf31429d2fb5034edd6bc7f742a84f6e76fe7f7401dcd98ea3ec644
- SSDEEP
  
  12288:KBu+je2mGYUNpeqzfAOKUXWkP/8KYfNrnEoYhJLAMhuwIm/toWyqTnoXnPolxsq8:D+63cWqv3nANr8xAGuwIm/yWiopvC9wG
Score

10^/10

discovery execution vipkeylogger keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Hyperclimax.Com
- Size
  
  55KB
- MD5
  
  6ac57b58205d75aee6380c3c6a8ef2a2
- SHA1
  
  466480b2a43b6c6dd95253849acaafcef82ca2b3
- SHA256
  
  f79002317d2a561e589e0006dd549d39c71488689ce772b15f84f393926a2786
- SHA512
  
  ea0dea24679edb7b4d10a62e23d52bf8102338bea90957f27adc92228a54bb0b49bb710b2ed9a159b48eb5ad1a353fdcefb311a2569a82d1bed17f8f4e7782be
- SSDEEP
  
  1536:uEy/BE4CCwPB+92TmVYkP/23ytqHO0Trmd/jK:g/BEhC2M23ytqU2
Score

3^/10

execution
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

vipkeyloggerdiscoveryexecutionkeyloggerstealer

behavioral3

behavioral4