vipkeylogger

General

Target

49b3a5b9adc10281015d59ca3b9439cd1201712133895cb848d33c66c8fbb1bc.exe
Size

1.3MB
Sample

241106-c2bnjasmez
MD5

8eefc053b6ed983bec5aff3dc3369b40
SHA1

84756cd09113665a8a8eba1d88da482bc276ada0
SHA256

49b3a5b9adc10281015d59ca3b9439cd1201712133895cb848d33c66c8fbb1bc
SHA512

60c0ced29238693be0cc2f4e20d219b4326fc4499ee216ddeb993714cd1565718f1af32f7a1af459845bcc1cd11ee0469189d54da86ebda4be651b7c4ff9a283
SSDEEP

24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aLvxFjSOLmYtDRqrHZAZsi+xX06kGGsFG40b:lTvC/MTQYxsWR7aL9LmkGAZsFX06e/

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7339564661:AAFzTB6gEWMndjXYyD5LCn17UEBISRR8wDI/sendMessage?chat_id=6443825857

Targets

- Target
  
  49b3a5b9adc10281015d59ca3b9439cd1201712133895cb848d33c66c8fbb1bc.exe
- Size
  
  1.3MB
- MD5
  
  8eefc053b6ed983bec5aff3dc3369b40
- SHA1
  
  84756cd09113665a8a8eba1d88da482bc276ada0
- SHA256
  
  49b3a5b9adc10281015d59ca3b9439cd1201712133895cb848d33c66c8fbb1bc
- SHA512
  
  60c0ced29238693be0cc2f4e20d219b4326fc4499ee216ddeb993714cd1565718f1af32f7a1af459845bcc1cd11ee0469189d54da86ebda4be651b7c4ff9a283
- SSDEEP
  
  24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aLvxFjSOLmYtDRqrHZAZsi+xX06kGGsFG40b:lTvC/MTQYxsWR7aL9LmkGAZsFX06e/
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2