vipkeylogger | 8abe027300947e313c30323012e2a269cc135db18c61addcf3c5c9a4579d11d7 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO n. 0...ls.exe

windows7-x64

PO n. 0...ls.exe

windows10-2004-x64

Sharing

General

Target

8abe027300947e313c30323012e2a269cc135db18c61addcf3c5c9a4579d11d7
Size

596KB
Sample

241125-tc2bbstrez
MD5

2249cf4812b09032ee20163eaf2565c9
SHA1

1dced956cc5554c98d4be00a9709ecc293ec7801
SHA256

8abe027300947e313c30323012e2a269cc135db18c61addcf3c5c9a4579d11d7
SHA512

30c390f8c22dfcc715511d6505fa9c0a73809c6d77ccad3bce5b814ad320c30c739be64e387c2fade54b3b380acf6373aa962cde617557a65ee9eb694f125b8f
SSDEEP

12288:lhay9H5Mfusw+a1ayHATfc/W9fUXMOTJdqPC6oaVxq9zpFdvrZd:GKGw+3yze9fUdJdpaO9zRvrZd

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO n. 002EM QUO04011-J7Q0G8.xls.exe

Resource

win7-20240729-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO n. 002EM QUO04011-J7Q0G8.xls.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8109783712:AAHX64S2zMbAtd5EESNODfL2rSYCqupZWYU/sendMessage?chat_id=7174574119

Targets

- Target
  
  PO n. 002EM QUO04011-J7Q0G8.xls.exe
- Size
  
  1022KB
- MD5
  
  1f863254bc19f56cd787724f9fbcc114
- SHA1
  
  f479679da8ee0ebdc2bc91c5f6688e38ead640fe
- SHA256
  
  d0581817fed46fe760969b89796b6960fbdb097c1afd24709aa2edd982d0f407
- SHA512
  
  367ed4da49ef74544ff2e4b13abca4aca6f41e4ab1555cd0af87fb7b8b140ffd16acdb45654057ba56ab3801db89cceda88bc45173ad3f6f91fb218920e543e4
- SSDEEP
  
  12288:ftb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga37vDVBnrAm16A:ftb20pkaCqT5TBWgNQ7aLvDnrAm16A
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy