vipkeylogger | affb1d94d8bbd24d41b27bbe4068005aa2d29aaccca72b9ce611e1a49453398a | Triage

Submit
Reports

Overview

overview

Static

static

5

Fizetési ...pg.exe

windows7-x64

Fizetési ...pg.exe

windows10-2004-x64

3

Sharing

General

Target

13112024_1859_13112024_Fizetési nyugta-639181-jpg.img
Size

1.6MB
Sample

241113-xndaes1kbm
MD5

d7361a79aaa001b3b1db4b994bfc80b2
SHA1

29217045d928130f9e9eaa4e54e2f234b38757ed
SHA256

affb1d94d8bbd24d41b27bbe4068005aa2d29aaccca72b9ce611e1a49453398a
SHA512

873daead2daa83ef727160decbefd88a7e56b3452fa0b7fce6dfde2ff9872cc556495916c961c590f3f3555cda9c37eeb1d166e2f0c2899c770aca1eec47ecc9
SSDEEP

24576:7tb20pkaCqT5TBWgNQ7aCleJBY0Agl6A:4Vg5tQ7aCkZ5

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Fizetési nyugta-639181,jpg.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

Fizetési nyugta-639181,jpg.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

300 seconds

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  Fizetési nyugta-639181,jpg.exe
- Size
  
  1.0MB
- MD5
  
  11cb76a19262b6b580ac914cc91a162a
- SHA1
  
  3b7c7012c38632f4e5c8e44665ed8fce5c71d42d
- SHA256
  
  6c6df909a12aa572bc7f7ba7a1274503a8f3860fec5223f08017e51f2d2fb9a5
- SHA512
  
  c71388dc7ca7f4e9a0a1cecf6ea6f28fadd4a7682fe455408365824eb8a2c702813eb72917372c8b655b8be0b9d565dbde81fb1ae565fc2f8cc8550e26af96ad
- SSDEEP
  
  24576:2tb20pkaCqT5TBWgNQ7aCleJBY0Agl6A:jVg5tQ7aCkZ5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy