vipkeylogger

General

Target

ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903
Size

929KB
Sample

241114-k58rfaxaml
MD5

49e9e776c6f5d00a090adbd8814ffdc7
SHA1

4ea5b8d7b7beb2ad75bbe583c4658093c4ab12bd
SHA256

ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903
SHA512

06e761bafcf3aa68a739ec24f17db1f9d1a36f59b940c8de12fd388dbd871dd2ab443a60c7723cd77ec1f52859cef469d9493759acc8acc1cfe1c471bf06f8cd
SSDEEP

24576:L4GHnhIzOa5WPGzwQA+jLgNK5O5Y1fmdruuAF:0shdaYP3t+g3d

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot6820629737:AAGJ8tOkoD9jFHkd_L1kG1ntQ1J6zLhFsMc/sendMessage?chat_id=6783205225

Targets

- Target
  
  ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903
- Size
  
  929KB
- MD5
  
  49e9e776c6f5d00a090adbd8814ffdc7
- SHA1
  
  4ea5b8d7b7beb2ad75bbe583c4658093c4ab12bd
- SHA256
  
  ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903
- SHA512
  
  06e761bafcf3aa68a739ec24f17db1f9d1a36f59b940c8de12fd388dbd871dd2ab443a60c7723cd77ec1f52859cef469d9493759acc8acc1cfe1c471bf06f8cd
- SSDEEP
  
  24576:L4GHnhIzOa5WPGzwQA+jLgNK5O5Y1fmdruuAF:0shdaYP3t+g3d
Score

10^/10

vipkeylogger collection discovery keylogger stealer upx
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2