vipkeylogger | cd561af39d622a0ef38283e51c0e523bf6d607434fea285afbfa9aaf286935e3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Pedido de ...04.vbs

windows7-x64

8

Pedido de ...04.vbs

windows10-2004-x64

Sharing

General

Target

Pedido de Cotação-24110004.vbs
Size

37KB
Sample

241104-sklp6sscqq
MD5

7e19f07f21a6afb866680d0807d48d4e
SHA1

2c966096d44a10645d3459e0305eae59ac2d5675
SHA256

cd561af39d622a0ef38283e51c0e523bf6d607434fea285afbfa9aaf286935e3
SHA512

90ed376cac3575fd99d125c1adbbfbdc1b5fbc406b1e7bfa14c7b831b611d818522410b79f0d430ab18beea0d97527c17bf8de5b8a1ea44687c5b3a7fc8c3b6c
SSDEEP

384:xKH0NCRhivTJLEC8RXFlYV/GBTq02x5ImMAErNDn6:xKH0NewvyFRXFlYVoTq02x5B9Eln6

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Pedido de Cotação-24110004.vbs

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pedido de Cotação-24110004.vbs

Resource

win10v2004-20241007-en

vipkeylogger collection discovery execution keylogger stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.recsb.com
Port:
587
Username:
[email protected]
Password:
1=vI*r6^
Email To:
[email protected]

Targets

- Target
  
  Pedido de Cotação-24110004.vbs
- Size
  
  37KB
- MD5
  
  7e19f07f21a6afb866680d0807d48d4e
- SHA1
  
  2c966096d44a10645d3459e0305eae59ac2d5675
- SHA256
  
  cd561af39d622a0ef38283e51c0e523bf6d607434fea285afbfa9aaf286935e3
- SHA512
  
  90ed376cac3575fd99d125c1adbbfbdc1b5fbc406b1e7bfa14c7b831b611d818522410b79f0d430ab18beea0d97527c17bf8de5b8a1ea44687c5b3a7fc8c3b6c
- SSDEEP
  
  384:xKH0NCRhivTJLEC8RXFlYV/GBTq02x5ImMAErNDn6:xKH0NewvyFRXFlYVoTq02x5B9Eln6
Score

10^/10

execution vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy