vipkeylogger | 680c2a3691dc7babcf16daad934a2fe8efabb3214bf36f60825b708c7f736015 | Triage

Sharing

General

Target

680c2a3691dc7babcf16daad934a2fe8efabb3214bf36f60825b708c7f736015
Size

932KB
Sample

241106-nzyk3asjgn
MD5

acf267b0d4419caff6a79c43e1711b33
SHA1

eb9b5a73815bcf20a23d014d7623004dd06ca10d
SHA256

680c2a3691dc7babcf16daad934a2fe8efabb3214bf36f60825b708c7f736015
SHA512

9fa068f707c21bfaea4ee15a7c47a9992ac43d2fca8294038624964a150e0514eb6eb3133b77146fa531f67188d6e2a78543234ae81ffcfc4035aedc60141c8e
SSDEEP

12288:e1AP1l8h+SBPc5BniqSAP3dt6IO7dLakiEZMSdAs3evICb1ycUpthh:3l8h+SBSiqSAP3dt6IO7Ti3Sdpq1ycQ

Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
cp1.virtualine.org
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  680c2a3691dc7babcf16daad934a2fe8efabb3214bf36f60825b708c7f736015
- Size
  
  932KB
- MD5
  
  acf267b0d4419caff6a79c43e1711b33
- SHA1
  
  eb9b5a73815bcf20a23d014d7623004dd06ca10d
- SHA256
  
  680c2a3691dc7babcf16daad934a2fe8efabb3214bf36f60825b708c7f736015
- SHA512
  
  9fa068f707c21bfaea4ee15a7c47a9992ac43d2fca8294038624964a150e0514eb6eb3133b77146fa531f67188d6e2a78543234ae81ffcfc4035aedc60141c8e
- SSDEEP
  
  12288:e1AP1l8h+SBPc5BniqSAP3dt6IO7dLakiEZMSdAs3evICb1ycUpthh:3l8h+SBSiqSAP3dt6IO7Ti3Sdpq1ycQ
Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerspywarestealer