vipkeylogger | 7bc0ac48b0f23d5b80758d2332f57c2bff160f93335ff72e101d0fa2c6914bb6 | Triage

Submit
Reports

Overview

overview

Static

static

5

H760MHPOWE...VE.exe

windows7-x64

H760MHPOWE...VE.exe

windows10-2004-x64

Sharing

General

Target

H760MHPOWERTOPDRIVE.exe
Size

1001KB
Sample

241128-t5fkbsynbk
MD5

d92a6a3ee6377f63c6ec95f7efb6da26
SHA1

b137b806e5a64d69e20fff5877a8c1d2fc15d0cb
SHA256

7bc0ac48b0f23d5b80758d2332f57c2bff160f93335ff72e101d0fa2c6914bb6
SHA512

402a036c4f9169641390e938b19887c966bc4a41480e024b93ae3e743a6b1fb7f6e4acb6fd6edb91b6c9154ee53cf5d16b9dc62d7e63efaf521abb09646e8824
SSDEEP

24576:Utb20pkaCqT5TBWgNQ7aq2UShpIFcS6A:9Vg5tQ7aq2phOFX5

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

H760MHPOWERTOPDRIVE.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

H760MHPOWERTOPDRIVE.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7567650575:AAHvGGF6TZiX_cMd8iYGZUXmOL-zDO7vZNI/sendMessage?chat_id=7654658491

Targets

- Target
  
  H760MHPOWERTOPDRIVE.exe
- Size
  
  1001KB
- MD5
  
  d92a6a3ee6377f63c6ec95f7efb6da26
- SHA1
  
  b137b806e5a64d69e20fff5877a8c1d2fc15d0cb
- SHA256
  
  7bc0ac48b0f23d5b80758d2332f57c2bff160f93335ff72e101d0fa2c6914bb6
- SHA512
  
  402a036c4f9169641390e938b19887c966bc4a41480e024b93ae3e743a6b1fb7f6e4acb6fd6edb91b6c9154ee53cf5d16b9dc62d7e63efaf521abb09646e8824
- SSDEEP
  
  24576:Utb20pkaCqT5TBWgNQ7aq2UShpIFcS6A:9Vg5tQ7aq2phOFX5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy