vipkeylogger | 989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48 | Triage

Submit
Reports

Overview

overview

Static

static

5

989c201580...48.exe

windows7-x64

989c201580...48.exe

windows10-2004-x64

5

Sharing

General

Target

989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48
Size

1.2MB
Sample

241117-dhbd4azcrq
MD5

0f103ca3251dfd12d4fbae8e53810799
SHA1

083bd1871e2e6ee332d18fc7def60e8770230fca
SHA256

989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48
SHA512

e47ddc4823cd125c598291cf303126dbb1c51f27601d298167676d873c71bb94d9de95882676c9f3cf49648a9388926fb4ddfdc6e108cc7c8369b7f5be38cabe
SSDEEP

24576:ffmMv6Ckr7Mny5QL8fFbXuD2QHsl0O2DmNXOy:f3v+7/5QL8fFjuDhsay

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.labogen.it
Port:
587
Username:
[email protected]
Password:
mail.2021*
Email To:
[email protected]

Targets

- Target
  
  989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48
- Size
  
  1.2MB
- MD5
  
  0f103ca3251dfd12d4fbae8e53810799
- SHA1
  
  083bd1871e2e6ee332d18fc7def60e8770230fca
- SHA256
  
  989c201580a3fb73ecfeb1e755e5048e9c2330809202b11a7386c87ba6af1e48
- SHA512
  
  e47ddc4823cd125c598291cf303126dbb1c51f27601d298167676d873c71bb94d9de95882676c9f3cf49648a9388926fb4ddfdc6e108cc7c8369b7f5be38cabe
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QL8fFbXuD2QHsl0O2DmNXOy:f3v+7/5QL8fFjuDhsay
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy