vipkeylogger

General

Target

379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02.zip
Size

906KB
Sample

241109-cxqxnavjes
MD5

8311ecb1c18c00aa63fa2f890933b858
SHA1

3f249b673ea77a1ac4530f6e0e404ad7814edb70
SHA256

379e6c5ebde139b6ccf96a6ece6b8a24b74368dcb787e898ff4c593e76093e02
SHA512

433b575ed0afa04e31209d91424bb2435dc99fc6c38100d40e86fcc4985c0a29b517c4748961f294f894c9d7c4df638974eaa232b106c1150a6042d6a77742ec
SSDEEP

24576:wv8zCuG8DJSfrnsHLIIDiAcBM0CCwSncSs+0:g8OoDJSf6bfcCdXqc3

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot6820629737:AAGJ8tOkoD9jFHkd_L1kG1ntQ1J6zLhFsMc/sendMessage?chat_id=6783205225

Targets

- Target
  
  fatura.exe
- Size
  
  929KB
- MD5
  
  49e9e776c6f5d00a090adbd8814ffdc7
- SHA1
  
  4ea5b8d7b7beb2ad75bbe583c4658093c4ab12bd
- SHA256
  
  ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903
- SHA512
  
  06e761bafcf3aa68a739ec24f17db1f9d1a36f59b940c8de12fd388dbd871dd2ab443a60c7723cd77ec1f52859cef469d9493759acc8acc1cfe1c471bf06f8cd
- SSDEEP
  
  24576:L4GHnhIzOa5WPGzwQA+jLgNK5O5Y1fmdruuAF:0shdaYP3t+g3d
Score

10^/10

vipkeylogger collection discovery keylogger stealer upx
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2