vipkeylogger

General

Target

ed0b3204ad6f17f5edff423b26f597ef5d795f2b27aad9fd9b50163c0ec79502
Size

627KB
Sample

241118-lzyvqavanl
MD5

e8fd4f42267006896f6d59af07cd4cd0
SHA1

e5a1ed22704da37178d854ec5999a9602735eea0
SHA256

ed0b3204ad6f17f5edff423b26f597ef5d795f2b27aad9fd9b50163c0ec79502
SHA512

44c52e5da75e841081caa7e87825b227b40252a2d96d4c8b914a6986594ef43a0a3594e4e625ee51af28667c9443d46b3c4b119358dea8dc1afe557d822a8296
SSDEEP

12288:jq5plSN7QjlbU8xjqIp+MO0OxjaVQB1nSsAHAn+ah29DHVhjh4S:O5pUBQ+IpBOVaCBlIg3wDHVh2S

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.singhalenterprise.com
Port:
587
Username:
[email protected]
Password:
balkishan@123

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.singhalenterprise.com
Port:
587
Username:
[email protected]
Password:
balkishan@123
Email To:
[email protected]

Targets

- Target
  
  01831899-1 FDMS3008SDC.exe
- Size
  
  3.3MB
- MD5
  
  e9e2f3739a0cb1a0025c2721ce80c79a
- SHA1
  
  4360ce0f74843faba747e3746a37e49d965e319b
- SHA256
  
  2fee9e3c6155c5716c179eec08819cd55bc5dc1171cb7ad47036ece432cfb1ef
- SHA512
  
  07af22b42f4967c443b151fd0225e7b6fb4d908acb447186fca0eb6c9b3bb6ad76689d3b4634d0b79cc39cde5143c8f11b6c4423481b38a131ac0f42ee770c32
- SSDEEP
  
  12288:BjvjM34XUe5Z20BXdHhOoaVUQqiJL2Lchnlk8lq7oIqvdkDykVHWCaDq:BjrdUOY0phAoaVUQn2LcHk8lq7oIII3X
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2