vipkeylogger

General

Target

867c2b0b46aa21ddd3f73b517c673a7487bc254f0cc61f0a0183746c216ef3d9.exe
Size

689KB
Sample

241116-lcnfgatejl
MD5

667625da32aaa6869821686699345119
SHA1

e9a3d9052570a6e36b8c7c7fd2bd4f551ecc4bcb
SHA256

867c2b0b46aa21ddd3f73b517c673a7487bc254f0cc61f0a0183746c216ef3d9
SHA512

713998e1959e8919d1fa2278f90196fad77d07cb842dd8fe3da2ca921809ea79476479f5333310b629f0b85814f5e308c872fd6875a2be0ffa1d53a622732623
SSDEEP

12288:J3HI6it7tWBpHyZZe8HjeDmRvdddQbzPfcdf3s09eYMW:JHIR/WBpGVHjeCR1Xpdfs0s

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  867c2b0b46aa21ddd3f73b517c673a7487bc254f0cc61f0a0183746c216ef3d9.exe
- Size
  
  689KB
- MD5
  
  667625da32aaa6869821686699345119
- SHA1
  
  e9a3d9052570a6e36b8c7c7fd2bd4f551ecc4bcb
- SHA256
  
  867c2b0b46aa21ddd3f73b517c673a7487bc254f0cc61f0a0183746c216ef3d9
- SHA512
  
  713998e1959e8919d1fa2278f90196fad77d07cb842dd8fe3da2ca921809ea79476479f5333310b629f0b85814f5e308c872fd6875a2be0ffa1d53a622732623
- SSDEEP
  
  12288:J3HI6it7tWBpHyZZe8HjeDmRvdddQbzPfcdf3s09eYMW:JHIR/WBpGVHjeCR1Xpdfs0s
Score

10^/10

vipkeylogger collection discovery execution keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2