vipkeylogger | 7836fecda90794f9f26f1d488129dc6759efc16dcff22e2c7cb962a79e31811f | Triage

Submit
Reports

Overview

overview

Static

static

5

PO#I-23-00007.exe

windows7-x64

PO#I-23-00007.exe

windows10-2004-x64

Sharing

General

Target

7836fecda90794f9f26f1d488129dc6759efc16dcff22e2c7cb962a79e31811f
Size

593KB
Sample

241125-wkl8gsypez
MD5

203d76a721a8bd7d72b702f5acfb2614
SHA1

75a9d15c84cbae9042fa728b28592f673a11b44b
SHA256

7836fecda90794f9f26f1d488129dc6759efc16dcff22e2c7cb962a79e31811f
SHA512

bedaeea21303dd43b79298eec13fd78272d48a01485d47d646162748095e807e2b024b4ff9086a959458479a07bdee6747ffa390812e6170727a52379eca1dea
SSDEEP

12288:aqR0500ETDTaFDPcjNgd5i+sB37cNS2OvsRHR6Ryujfk8Fb5cTmPem02O3RPjaqD:Pu3MXoDPc5gmt97c8sRHR6BFFb5cuPCX

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO#I-23-00007.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO#I-23-00007.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7567650575:AAHvGGF6TZiX_cMd8iYGZUXmOL-zDO7vZNI/sendMessage?chat_id=7654658491

Targets

- Target
  
  PO#I-23-00007.exe
- Size
  
  1019KB
- MD5
  
  95ecc2979fabf0a71de66cf0118a2d4b
- SHA1
  
  b2d2228b0a68a3540202047b1354c9ae82f4a708
- SHA256
  
  c9a799cb029d817194203008faa6533d7acb82c0afe324d290ec8459723f8e12
- SHA512
  
  5ca294850a88e969aa9f8e99880aa647a078a589f189c5d024ab9e6b45e66b20ba18b677f9f7c8a8ebc1744568b10414194629da5f3fb2dd5cb6a7cf49faafd9
- SSDEEP
  
  24576:jtb20pkaCqT5TBWgNQ7arbPlV9bUubqA6A:gVg5tQ7arn9bR5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy