vipkeylogger | f2dd6d6e19c788b4cb99a657639ffbae1e7ab5ff54c121ffaac86a494cf61e4f | Triage

Submit
Reports

Overview

overview

Static

static

3

YKBGunlukEkstre.exe

windows7-x64

YKBGunlukEkstre.exe

windows10-2004-x64

1

Sharing

General

Target

YKBGunlukEkstre.7z
Size

618KB
Sample

241108-stem8avdkj
MD5

e9fb2055e0cda79ba01554554fc95964
SHA1

f6de1200aa6674e10f17edf3c4859e4203deedf1
SHA256

f2dd6d6e19c788b4cb99a657639ffbae1e7ab5ff54c121ffaac86a494cf61e4f
SHA512

4ddec29712bbedc2d078b698409b443782694f26d9065cc61beb520b41f76b1829ce1e1449b5068fc64592bb1c0230083bc0bf352a132abed7cfeaa71a6fa640
SSDEEP

12288:gXxM9K4FD/XNSRsMYqUfYiqCLQ/HMGYUwic0hGsI:gXxIKq/9SHTCLEbWT0htI

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

YKBGunlukEkstre.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

YKBGunlukEkstre.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.akguneselektrik.com
Port:
21
Username:
akgunes
Password:
9H5xQVGg

Extracted

Family

vipkeylogger

Targets

- Target
  
  YKBGunlukEkstre.exe
- Size
  
  2.9MB
- MD5
  
  8866c07b36f379aebfabee79b0f263ac
- SHA1
  
  db1121a0e6cd16ffc6e5a05a278849858aee2841
- SHA256
  
  a3011ad648631ad2cac00f423cb3d5c6a35b94a26b5975890b2c7471dd4fd503
- SHA512
  
  8d8e8d4197af67dc10451018edb98ec911958624c5de99044aaed0bc8637ab9319ae65b5f50add058f4e4a781de72782cc22f1907ccc92ab0b2fadb68456ffd6
- SSDEEP
  
  12288:1qg/g+A9KxFXIXNPR+LoyI8ViqCLZ/HhGYpwdc0D+sK:FtcK7I9PYZCLNYZO0D1K
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

© 2018-2025

Terms | Privacy