vipkeylogger

General

Target

450263cedbe5d901be307443c37f523199d3b580f25ec0a465f8e0a2168b6663
Size

1.0MB
Sample

241119-1vqe4sylar
MD5

dec46dac148d93e5e44e895b0ffd51e4
SHA1

dec610740835a7ffcd3a39a3fad82dc3eebc2830
SHA256

450263cedbe5d901be307443c37f523199d3b580f25ec0a465f8e0a2168b6663
SHA512

d62095c848bdd058460e38a9dccc24c1162535f683d3d51f81d954b95c80cd01f856e3303296f6fcab00732ec144a3854fb22b6f3efaf400a1d869c86390d3c1
SSDEEP

24576:Gtb20pkaCqT5TBWgNQ7aPlBfHXJqWU1IVz6A:zVg5tQ7aPHHZqWn5

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.mzgold.ir
Port:
587
Username:
[email protected]
Password:
goodGod2024

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.mzgold.ir
Port:
587
Username:
[email protected]
Password:
goodGod2024
Email To:
[email protected]

Targets

- Target
  
  450263cedbe5d901be307443c37f523199d3b580f25ec0a465f8e0a2168b6663
- Size
  
  1.0MB
- MD5
  
  dec46dac148d93e5e44e895b0ffd51e4
- SHA1
  
  dec610740835a7ffcd3a39a3fad82dc3eebc2830
- SHA256
  
  450263cedbe5d901be307443c37f523199d3b580f25ec0a465f8e0a2168b6663
- SHA512
  
  d62095c848bdd058460e38a9dccc24c1162535f683d3d51f81d954b95c80cd01f856e3303296f6fcab00732ec144a3854fb22b6f3efaf400a1d869c86390d3c1
- SSDEEP
  
  24576:Gtb20pkaCqT5TBWgNQ7aPlBfHXJqWU1IVz6A:zVg5tQ7aPHHZqWn5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2