vipkeylogger | d775aa551e2c757a8c37cef5ae1d63c2950f6472e902e63eb97a58c76f119374 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO n. 0...ls.exe

windows7-x64

PO n. 0...ls.exe

windows10-2004-x64

Sharing

General

Target

d775aa551e2c757a8c37cef5ae1d63c2950f6472e902e63eb97a58c76f119374
Size

608KB
Sample

241126-wkz5caymfn
MD5

1a9674e0ac3c8748550d6bb5b6a4a22f
SHA1

f7f361a9e75d54b2b01d804b88a92e92d8394ffb
SHA256

d775aa551e2c757a8c37cef5ae1d63c2950f6472e902e63eb97a58c76f119374
SHA512

30028455193c9fbcc4c6be899e95596c6bb4c5a9642d62538ea2f78188fc9987f634b22208bfc2d3c0879af3793e0f59892a116b6f6ddc1f9e3b26c7c06c8796
SSDEEP

12288:fQJPMXAiW51Sz9wdLQrDuMyQ1uRRmqZnaOpCwgmvi9iuokC+9MJRZAJEddNPErF3:gPjT51S9wdLQrAQALLxvgqj76JCNMrF3

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO n. 002EM QUO04011-J7Q0G8.xls.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO n. 002EM QUO04011-J7Q0G8.xls.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8109783712:AAHX64S2zMbAtd5EESNODfL2rSYCqupZWYU/sendMessage?chat_id=7174574119

Targets

- Target
  
  PO n. 002EM QUO04011-J7Q0G8.xls.exe
- Size
  
  1.0MB
- MD5
  
  e98b81788b156fd3436bb28d77ae3506
- SHA1
  
  325507cd9d3f939c47f04f75d5153485e8e82a95
- SHA256
  
  e2855fd2cff839fc5fc04250f45c1f4d429657252888141d41743e17bdf586d4
- SHA512
  
  3592db7793dab87de579976bd910a19980ade7a20ee2061df75d0d86466f89ca015b5aebb562809301799d56e24cf10d9a60fcd4da3d6308903476117f6d8da9
- SSDEEP
  
  24576:vtb20pkaCqT5TBWgNQ7aUxEqN/kRk9M1EyP6A:sVg5tQ7aUaQkJv5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy