vipkeylogger

General

Target

cdfda2de7ddabce55f109972c040afc9aa84a99361a02e92acdefa4f164eb1cd.exe
Size

1.0MB
Sample

241205-ta7qbs1lhz
MD5

c13a77c28b4cdc888239e31fb4179cdf
SHA1

0eaa044f725328747aaa5b2d1bf6eb6469b67f1f
SHA256

cdfda2de7ddabce55f109972c040afc9aa84a99361a02e92acdefa4f164eb1cd
SHA512

bd81bae61463c526aebdb95bdae09f12bb35f300a5443ac5a9f643e23a4e514aace8e4763333491aea7599b040613831687b81f2a15a3f0fbd89fc18e4102ee0
SSDEEP

24576:xtb20pkaCqT5TBWgNQ7aCHFrgrdGJE/X6A:CVg5tQ7a2Id+E/5

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
panta.home.pl
Port:
587
Username:
[email protected]
Password:
PANTA#Gda$2023

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
panta.home.pl
Port:
587
Username:
[email protected]
Password:
PANTA#Gda$2023
Email To:
[email protected]

Targets

- Target
  
  cdfda2de7ddabce55f109972c040afc9aa84a99361a02e92acdefa4f164eb1cd.exe
- Size
  
  1.0MB
- MD5
  
  c13a77c28b4cdc888239e31fb4179cdf
- SHA1
  
  0eaa044f725328747aaa5b2d1bf6eb6469b67f1f
- SHA256
  
  cdfda2de7ddabce55f109972c040afc9aa84a99361a02e92acdefa4f164eb1cd
- SHA512
  
  bd81bae61463c526aebdb95bdae09f12bb35f300a5443ac5a9f643e23a4e514aace8e4763333491aea7599b040613831687b81f2a15a3f0fbd89fc18e4102ee0
- SSDEEP
  
  24576:xtb20pkaCqT5TBWgNQ7aCHFrgrdGJE/X6A:CVg5tQ7a2Id+E/5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2