vipkeylogger

General

Target

PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe
Size

773KB
Sample

241216-qcm7xs1lfy
MD5

4b393b41e5b7bdd02e481816bec9ff4a
SHA1

35b60bdfa5130cc88b508f4fee9c226a2277517b
SHA256

b71fb82589e3532a9390352bc87f7c2edc2cd7fae723fe203500350a31559e17
SHA512

28ae160172d1d13a8b56dac51dd38f44c1cbf2c4755300d34adfc5c5638ee2375bc7cf8b29e8173933f0f3e672cd2e8e8469fa341e3356a0c7e34153e08ac0e3
SSDEEP

12288:ipdY9shQgZCnoCKpJTH7uag0rQ8Vt7W68RNkBXKU5YYyTAo187Ce6m05/W:WdhlyzKrHSaVrQ8i6UkxKVaSR7m05/

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe
- Size
  
  773KB
- MD5
  
  4b393b41e5b7bdd02e481816bec9ff4a
- SHA1
  
  35b60bdfa5130cc88b508f4fee9c226a2277517b
- SHA256
  
  b71fb82589e3532a9390352bc87f7c2edc2cd7fae723fe203500350a31559e17
- SHA512
  
  28ae160172d1d13a8b56dac51dd38f44c1cbf2c4755300d34adfc5c5638ee2375bc7cf8b29e8173933f0f3e672cd2e8e8469fa341e3356a0c7e34153e08ac0e3
- SSDEEP
  
  12288:ipdY9shQgZCnoCKpJTH7uag0rQ8Vt7W68RNkBXKU5YYyTAo187Ce6m05/W:WdhlyzKrHSaVrQ8i6UkxKVaSR7m05/
Score

10^/10

vipkeylogger collection discovery execution keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2