vipkeylogger | 59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9 | Triage

Submit
Reports

Overview

overview

Static

static

5

59371bae08...f9.exe

windows7-x64

59371bae08...f9.exe

windows10-2004-x64

3

Sharing

General

Target

59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9.exe
Size

77.0MB
Sample

241205-tdehys1mhw
MD5

7d5e395c60e21199690dd81c3348a7ad
SHA1

3f8298179dea0b98b7f663ce39172a1c2b874e4f
SHA256

59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9
SHA512

8a5d41b81a1198ab452e627bfabbe0aee9bc7c14f1ed77748a1810da6033099a0c6d40e6b866aef6c004eeb93e7bcb45f7142ffd545583c31f4302e9d471d7f2
SSDEEP

24576:Ptb20pkaCqT5TBWgNQ7aZrYSgOih4ZxAK6A:MVg5tQ7aZ8SgOihi15

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9.exe
- Size
  
  77.0MB
- MD5
  
  7d5e395c60e21199690dd81c3348a7ad
- SHA1
  
  3f8298179dea0b98b7f663ce39172a1c2b874e4f
- SHA256
  
  59371bae08a6c079efc87455c42e730ed71973daf3563105a4fe9480e1a9baf9
- SHA512
  
  8a5d41b81a1198ab452e627bfabbe0aee9bc7c14f1ed77748a1810da6033099a0c6d40e6b866aef6c004eeb93e7bcb45f7142ffd545583c31f4302e9d471d7f2
- SSDEEP
  
  24576:Ptb20pkaCqT5TBWgNQ7aZrYSgOih4ZxAK6A:MVg5tQ7aZ8SgOihi15
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy