vipkeylogger

General

Target

32b531bc0e9b2afb8021aa3a44597a39d72efef2c3d0d21581778c05a0843d9a
Size

549KB
Sample

241114-jq6g4avpes
MD5

9a6c3804ff39d7da49e63598baf8dcd4
SHA1

7027b9717dfb5b41baec657464775136f59f8ec2
SHA256

32b531bc0e9b2afb8021aa3a44597a39d72efef2c3d0d21581778c05a0843d9a
SHA512

30358913cebd56b1dea3c423c5eace38f97fe3b6b60dd22c13059bb742bbed0db54844400024b9e3e128df3641726624cb1844fa3017895e0f95a349b3c5b6ba
SSDEEP

12288:wVCXJcvkZPNAGfvmv0yXyf0d0158fm3Q5sFIwcXfBBB:wVCXJcwVAGfvo20dIOfx5ILgfHB

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.singhalenterprise.com
Port:
587
Username:
[email protected]
Password:
balkishan@123

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.singhalenterprise.com
Port:
587
Username:
[email protected]
Password:
balkishan@123
Email To:
[email protected]

Targets

- Target
  
  Purchase Order-PO24141039.exe
- Size
  
  1.0MB
- MD5
  
  83a7f7678e54ce226c61aae138da3261
- SHA1
  
  398c72724adf455380eb0db1c342f27bcdc3d42d
- SHA256
  
  b881f4be05580756e5fa41e6fdca65b53a0c8e5f64e7e5393d8f4080b6b1d03b
- SHA512
  
  d2e7253b219a1d996e9c8d615b6c4c6318308eb4bc88de0ae164c7a29d1ad23c21aa4c62c41a67c0ab4b03d8628adf16ad1bdd0db2f687ef426a0c77af737ed5
- SSDEEP
  
  24576:Btb20pkaCqT5TBWgNQ7aRHtxgUKDCEV6A:SVg5tQ7a/xiDCs5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2