General
-
Target
0fa6ec35baf7c545d34fd951158f76356f9f9137481fe4da8b2306e65fb255e6
-
Size
242KB
-
Sample
241117-vr3ndatnew
-
MD5
dcee375c2af4d1dbb15a191708e17f43
-
SHA1
55e0abac12848e2e5d8d67fce607e1ab79abd4ae
-
SHA256
0fa6ec35baf7c545d34fd951158f76356f9f9137481fe4da8b2306e65fb255e6
-
SHA512
60438fc43c56218e248c25f286475bb06a003d7054e255eed4e1373cd46d2c5497f46ab27aa84850a48eba3a0d3826c0854b965f396e136d339013aea218c3b3
-
SSDEEP
6144:GK0jMsk4ciMA4W+hlEyUaq+YaeQB99PvPdHDYDvgbUrlb:GK0jMsk4ciMA4W+hlEyUaq+YaeQB99P4
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7209380453:AAEH-gogMFfHJ_6z9TDZgjtKUpNlaCxNBdw/sendMessage?chat_id=2104099256
Targets
-
-
Target
0fa6ec35baf7c545d34fd951158f76356f9f9137481fe4da8b2306e65fb255e6
-
Size
242KB
-
MD5
dcee375c2af4d1dbb15a191708e17f43
-
SHA1
55e0abac12848e2e5d8d67fce607e1ab79abd4ae
-
SHA256
0fa6ec35baf7c545d34fd951158f76356f9f9137481fe4da8b2306e65fb255e6
-
SHA512
60438fc43c56218e248c25f286475bb06a003d7054e255eed4e1373cd46d2c5497f46ab27aa84850a48eba3a0d3826c0854b965f396e136d339013aea218c3b3
-
SSDEEP
6144:GK0jMsk4ciMA4W+hlEyUaq+YaeQB99PvPdHDYDvgbUrlb:GK0jMsk4ciMA4W+hlEyUaq+YaeQB99P4
Score10/10-
VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
-
Vipkeylogger family
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-