vipkeylogger

General

Target

6b76eb508fb4236757a2bae20bf0f13b232f66845ee10e207af3c3e48eb80099.exe
Size

607KB
Sample

241113-cl33vavclb
MD5

51c9f6d4e1e35f7c17200b1294fffcd2
SHA1

ca0b064a1cf6a2ca2ae702d2a037efb5175fd183
SHA256

6b76eb508fb4236757a2bae20bf0f13b232f66845ee10e207af3c3e48eb80099
SHA512

db2433a67b5467430feadb6d79068d555fb9f6b61cff845f246a03e9a652801c85f780b5df18bd02d0546af1ba4cfa5c191779d67bf72fa6bd460dad91eff6ae
SSDEEP

12288:93hOsNnpxA98r1sSMqyqTnRK/jUeVInHVNmiuIfR2iWdoJk/6Y:5IknpxA98r1sSByq1KADWKg9b

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.ardvessels.com
Port:
587
Username:
[email protected]
Password:
751555ardT

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.ardvessels.com
Port:
587
Username:
[email protected]
Password:
751555ardT
Email To:
[email protected]

Targets

- Target
  
  6b76eb508fb4236757a2bae20bf0f13b232f66845ee10e207af3c3e48eb80099.exe
- Size
  
  607KB
- MD5
  
  51c9f6d4e1e35f7c17200b1294fffcd2
- SHA1
  
  ca0b064a1cf6a2ca2ae702d2a037efb5175fd183
- SHA256
  
  6b76eb508fb4236757a2bae20bf0f13b232f66845ee10e207af3c3e48eb80099
- SHA512
  
  db2433a67b5467430feadb6d79068d555fb9f6b61cff845f246a03e9a652801c85f780b5df18bd02d0546af1ba4cfa5c191779d67bf72fa6bd460dad91eff6ae
- SSDEEP
  
  12288:93hOsNnpxA98r1sSMqyqTnRK/jUeVInHVNmiuIfR2iWdoJk/6Y:5IknpxA98r1sSByq1KADWKg9b
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2