vipkeylogger | c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b | Triage

Submit
Reports

Overview

overview

Static

static

3

c46baa7cd7...5b.exe

windows7-x64

3

c46baa7cd7...5b.exe

windows10-2004-x64

Sharing

General

Target

c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b.exe
Size

763KB
Sample

241121-j9zhwszpgs
MD5

99be54eef515e3bb933f1b7fe2746e7d
SHA1

2c5351daf0d3f6d86541bf432680cab4b284f72d
SHA256

c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b
SHA512

41e989c379c8786ebfc1dc02686905e8b407b6fed21763df769321cc158d7b306094e3e613a9928b5447011eecbddde6de2c8e11777fcf7b66016746c418cad5
SSDEEP

12288:pe8o3x64EHoJffn6KZyztqIjP7pFbJAmhxnODIY703VBJ8k5bCqR:peRx5EIJHn6QyzfTFDAmhxOsY7G8kAqR

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b.exe

Resource

win7-20240903-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery execution keylogger stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
55#cHsR%iCPw
Email To:
[email protected]

Targets

- Target
  
  c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b.exe
- Size
  
  763KB
- MD5
  
  99be54eef515e3bb933f1b7fe2746e7d
- SHA1
  
  2c5351daf0d3f6d86541bf432680cab4b284f72d
- SHA256
  
  c46baa7cd710456d6f6a990295e929d62305036cc1592508ecea040a7bd3eb5b
- SHA512
  
  41e989c379c8786ebfc1dc02686905e8b407b6fed21763df769321cc158d7b306094e3e613a9928b5447011eecbddde6de2c8e11777fcf7b66016746c418cad5
- SSDEEP
  
  12288:pe8o3x64EHoJffn6KZyztqIjP7pFbJAmhxnODIY703VBJ8k5bCqR:peRx5EIJHn6QyzfTFDAmhxOsY7G8kAqR
Score

10^/10

discovery execution vipkeylogger collection keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy