vipkeylogger

General

Target

86abe99cbf0d1a6691901e30dedc27c32f8ed8d8426bc0dc1d7c1b6e0faddb99.exe
Size

1019KB
Sample

241115-t6ygjaxfld
MD5

55722e0a1109d512970d1b3ea72ab6e9
SHA1

5018b2197679dcbf0d39f4878dd787a53080630e
SHA256

86abe99cbf0d1a6691901e30dedc27c32f8ed8d8426bc0dc1d7c1b6e0faddb99
SHA512

958f4862a987960ec7508dcc9a9810e7ce6b0d9d2dad2b223438faafcdf6f552c0a3f6ab494ca25f11013f9e0aedc4609bf6a979342a884ce59138da4dd713cb
SSDEEP

24576:HAHnh+eWsN3skA4RV1Hom2KXMmHawap00a6kZ/K5+:6h+ZkldoPK8YawuBk6+

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7563060616:AAGgGu8pocoVNLzoow0Ge2U2GVDS9nDmL6Q/sendMessage?chat_id=7222025033

Targets

- Target
  
  86abe99cbf0d1a6691901e30dedc27c32f8ed8d8426bc0dc1d7c1b6e0faddb99.exe
- Size
  
  1019KB
- MD5
  
  55722e0a1109d512970d1b3ea72ab6e9
- SHA1
  
  5018b2197679dcbf0d39f4878dd787a53080630e
- SHA256
  
  86abe99cbf0d1a6691901e30dedc27c32f8ed8d8426bc0dc1d7c1b6e0faddb99
- SHA512
  
  958f4862a987960ec7508dcc9a9810e7ce6b0d9d2dad2b223438faafcdf6f552c0a3f6ab494ca25f11013f9e0aedc4609bf6a979342a884ce59138da4dd713cb
- SSDEEP
  
  24576:HAHnh+eWsN3skA4RV1Hom2KXMmHawap00a6kZ/K5+:6h+ZkldoPK8YawuBk6+
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2