vipkeylogger | cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea | Triage

Submit
Reports

Overview

overview

Static

static

1

cf28af3788...ea.exe

windows7-x64

4

cf28af3788...ea.exe

windows10-2004-x64

Sharing

General

Target

cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea.exe
Size

898KB
Sample

241217-prryzszpgn
MD5

d206d2d4cc4961ace139ac7eb8c4f305
SHA1

72555790ce99624754007f0de9f8757fa4c4f488
SHA256

cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea
SHA512

599da72384d2799fa6d33f3dddd621373af0cbe956f99b811c42d6be1dfe16be4bb4c183640b40384b9aabae4f793ba4fd6d1f46c6ef22c24db4d91baad960f1
SSDEEP

24576:IX22+VsNxAe/3jvPyC2LqE3l8Et2F2Yuri:a2exAOyTv3uEtUW

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea.exe

Resource

win7-20240903-en

discovery execution

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery execution keylogger stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot6675043108:AAG0v6eQpiK2_ep_3f58hzP5driBZyvUyRM/sendMessage?chat_id=6651300320

Targets

- Target
  
  cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea.exe
- Size
  
  898KB
- MD5
  
  d206d2d4cc4961ace139ac7eb8c4f305
- SHA1
  
  72555790ce99624754007f0de9f8757fa4c4f488
- SHA256
  
  cf28af37882fea56145883bee9a128cb31b51c07d449b49e3071499b5f6f70ea
- SHA512
  
  599da72384d2799fa6d33f3dddd621373af0cbe956f99b811c42d6be1dfe16be4bb4c183640b40384b9aabae4f793ba4fd6d1f46c6ef22c24db4d91baad960f1
- SSDEEP
  
  24576:IX22+VsNxAe/3jvPyC2LqE3l8Et2F2Yuri:a2exAOyTv3uEtUW
Score

10^/10

discovery execution vipkeylogger collection keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2024

Terms | Privacy