vipkeylogger | f6bc77a19dc8441e0c2a35dc81b89ac19c618acb4d45fa32754110ed30c61a79 | Triage

Submit
Reports

Overview

overview

Static

static

5

comprobant...go.exe

windows7-x64

comprobant...go.exe

windows10-2004-x64

Sharing

General

Target

comprobantesdepago.bat
Size

77.0MB
Sample

241119-wscn1strfp
MD5

08a6ef433d71fa3d8c12a49c90536e07
SHA1

36fb6637e9ca8086c55d9cf919bdd2dae3eb378d
SHA256

f6bc77a19dc8441e0c2a35dc81b89ac19c618acb4d45fa32754110ed30c61a79
SHA512

97f3914af07cc480f475bf38c06790dc015954da9d8d86cfbe4ccbe18e641a85eb4d4a9ebb60420be298c6790bd3592586c087e18b55bf8e4cea816e966a56b4
SSDEEP

24576:utb20pkaCqT5TBWgNQ7aGnuRUc1g0Zo/h/G86A:bVg5tQ7aGnuRA06h/35

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

comprobantesdepago.exe

Resource

win7-20240708-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

comprobantesdepago.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  comprobantesdepago.bat
- Size
  
  77.0MB
- MD5
  
  08a6ef433d71fa3d8c12a49c90536e07
- SHA1
  
  36fb6637e9ca8086c55d9cf919bdd2dae3eb378d
- SHA256
  
  f6bc77a19dc8441e0c2a35dc81b89ac19c618acb4d45fa32754110ed30c61a79
- SHA512
  
  97f3914af07cc480f475bf38c06790dc015954da9d8d86cfbe4ccbe18e641a85eb4d4a9ebb60420be298c6790bd3592586c087e18b55bf8e4cea816e966a56b4
- SSDEEP
  
  24576:utb20pkaCqT5TBWgNQ7aGnuRUc1g0Zo/h/G86A:bVg5tQ7aGnuRA06h/35
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy