vipkeylogger

General

Target

93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe
Size

829KB
Sample

241112-c6kr1asjhy
MD5

d9aeb1e99a348859d87a8fc58a3c6147
SHA1

d568677a26342609a0ca75d9a03b4f5123c505a1
SHA256

93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
SHA512

81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd
SSDEEP

24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw/sendMessage?chat_id=7267131103

Targets

- Target
  
  93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef.exe
- Size
  
  829KB
- MD5
  
  d9aeb1e99a348859d87a8fc58a3c6147
- SHA1
  
  d568677a26342609a0ca75d9a03b4f5123c505a1
- SHA256
  
  93cd630026182d693fec819abe05948efd94f9249ba58ed590055473e9e951ef
- SHA512
  
  81218882e7a7fec98fbe99ba445ba15ba73f5320e9b5c0fcd3634af69a1d4e90df5ee1b72997ef93bc9c5adefc7113e2e6f5909c53363a7abf5b15b7d03389bd
- SSDEEP
  
  24576:rbDc7+iLqgCBLqNATwJe9YESd4+/dD+lK:rbDceDLOSBdSd4XI
Score

10^/10

vipkeylogger discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  7399323923e3946fe9140132ac388132
- SHA1
  
  728257d06c452449b1241769b459f091aabcffc5
- SHA256
  
  5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512
  
  d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP
  
  192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4