vipkeylogger | 6c1748ec0692f3a7fff9fe45083a5267dc700a8384581b0303a52904f6995013 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTATION_...cr.exe

windows7-x64

1

QUOTATION_...cr.exe

windows10-2004-x64

Sharing

General

Target

QUOTATION_AUGQTRA071244úPDF.scr.exe
Size

1.6MB
Sample

241128-vwgayatqcy
MD5

85353cd58ce1fd6aeb033dbaa95fe17d
SHA1

c18eaee8cdea9607491ae77e722d0976dcdfc079
SHA256

6c1748ec0692f3a7fff9fe45083a5267dc700a8384581b0303a52904f6995013
SHA512

b1d1ad7158849e4d03c18d0f10c4a7fc2fe9ad4c4542eec5002cc04b8b77697eaefe11df2dc2bec547eb217d38510447fd452728c4465821e9df547d00d588dd
SSDEEP

24576:ysAAc5cDkdFvoccVq+jCADs3jaUSyjzBpLtMfAOa6HXY04H444l:3A3wkHvocoq0CO8eu/TOLasY04H444l

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATION_AUGQTRA071244úPDF.scr.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATION_AUGQTRA071244úPDF.scr.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
investms.vadavo.cloud
Port:
587
Username:
[email protected]
Password:
J@GnVg+k%NDodkS#6mY
Email To:
[email protected]

Targets

- Target
  
  QUOTATION_AUGQTRA071244úPDF.scr.exe
- Size
  
  1.6MB
- MD5
  
  85353cd58ce1fd6aeb033dbaa95fe17d
- SHA1
  
  c18eaee8cdea9607491ae77e722d0976dcdfc079
- SHA256
  
  6c1748ec0692f3a7fff9fe45083a5267dc700a8384581b0303a52904f6995013
- SHA512
  
  b1d1ad7158849e4d03c18d0f10c4a7fc2fe9ad4c4542eec5002cc04b8b77697eaefe11df2dc2bec547eb217d38510447fd452728c4465821e9df547d00d588dd
- SSDEEP
  
  24576:ysAAc5cDkdFvoccVq+jCADs3jaUSyjzBpLtMfAOa6HXY04H444l:3A3wkHvocoq0CO8eu/TOLasY04H444l
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy