vipkeylogger | 2392583c488d5bb95ea7bd8f2f920fe27b2b27f6c1993606aca7be7cfe084d42 | Triage

Sharing

General

Target

2392583c488d5bb95ea7bd8f2f920fe27b2b27f6c1993606aca7be7cfe084d42.exe
Size

756KB
Sample

241119-bf16maxhpe
MD5

11f939718d225d8b5acd79c434d3d9e0
SHA1

73ca32ce2bdd4b78bd096042407526ec19a22e8c
SHA256

2392583c488d5bb95ea7bd8f2f920fe27b2b27f6c1993606aca7be7cfe084d42
SHA512

b7941d5e1c98ef1d98f989cc6c6177de9efd823cae13fa9c0d3b40b05f52118194f0f2a9c151e419e86ec181e9381c0f104c4a92de57849057e9ad343055b4f9
SSDEEP

12288:l2+nSPz5JA/EME8jGql7WV1OaTpFJKoewYlfM9D9HFu4Q:noz5m/EJz+FaTEo7Yl4DPu4Q

Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
}7KaoV%+ZDr75*4004
Email To:
[email protected]

Targets

- Target
  
  2392583c488d5bb95ea7bd8f2f920fe27b2b27f6c1993606aca7be7cfe084d42.exe
- Size
  
  756KB
- MD5
  
  11f939718d225d8b5acd79c434d3d9e0
- SHA1
  
  73ca32ce2bdd4b78bd096042407526ec19a22e8c
- SHA256
  
  2392583c488d5bb95ea7bd8f2f920fe27b2b27f6c1993606aca7be7cfe084d42
- SHA512
  
  b7941d5e1c98ef1d98f989cc6c6177de9efd823cae13fa9c0d3b40b05f52118194f0f2a9c151e419e86ec181e9381c0f104c4a92de57849057e9ad343055b4f9
- SSDEEP
  
  12288:l2+nSPz5JA/EME8jGql7WV1OaTpFJKoewYlfM9D9HFu4Q:noz5m/EJz+FaTEo7Yl4DPu4Q
Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerspywarestealer