vipkeylogger | 67b4389759da97197c8fc19df497e8892bc60e4c45733e36feeedfe49bc9dd09 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO 5986.exe

windows7-x64

PO 5986.exe

windows10-2004-x64

Sharing

General

Target

PO5986.7z
Size

896KB
Sample

241030-sj5fwswcmf
MD5

681602ba3466a1c75a4d14f6d2d05097
SHA1

4766ec1fb49d38e64f4862fe6cf8ea037dab760a
SHA256

67b4389759da97197c8fc19df497e8892bc60e4c45733e36feeedfe49bc9dd09
SHA512

c5a2d5f46a26ab98d745940a736d72a941ea9ebd8af748603280b994ab541386c3bd04cd0e83784ab8a8f67e1fa838e50004437694d20b4db80bff3d2b9ff776
SSDEEP

24576:Gy5K1eRUsEc2gCjqnrVTh548cIJvLwhs8924bhJUXF2XYrD:S1e2c2g4qnhLzLC2ES4SD

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO 5986.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 5986.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  PO 5986.exe
- Size
  
  1.4MB
- MD5
  
  8aa0f8af4e622539b7ef1ca4ecd5c854
- SHA1
  
  717c962a351e1eb42152e7bed863c3b9282c5773
- SHA256
  
  e0092c676baa6a82e979fa3cc3e71d73abb09bfbd98b2948ac427006bfd0de9e
- SHA512
  
  009166a6b0ef762b4e05fa5e8a35300b01f4bae1b1056d922ee0cd781e428485639dd7fd2a7d9cb43ee163e9faa53c4da319b600935d72bc6be29449890b65d5
- SSDEEP
  
  24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8arVXlzAhw4ryI9vLwlzU92XxhDUKe2Xl:4TvC/MTQYxsWR7arVXpotLJ2BTh
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy