vipkeylogger

General

Target

Nuevopedidodecotizacin6638374899272.pdf.exe
Size

1.1MB
Sample

241218-p6d1nszlfx
MD5

7d291da9b6e5251a9a22673230884b5f
SHA1

95b9391bc0315edbd30ceabe0c272256d83bdd8c
SHA256

7d7a7efa7daf9bb3031e0210f6e66cf756f1efdf8b9a95de6ea510a0fd3df5d8
SHA512

d63b8e64a00cf247f0c2eeed224ae11b7f560cbcdeebb9aa67bd729e72947bb363db43c5fda2b4a3b11b20e04f1f196203b81193b04f394a9a8c179ce08e5cf9
SSDEEP

24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aHAyDtV4bSk7NbPA:ATvC/MTQYxsWR7aHphASkh

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.acadental.com
Port:
587
Username:
[email protected]
Password:
Dental9201$
Email To:
[email protected]

Targets

- Target
  
  Nuevopedidodecotizacin6638374899272.pdf.exe
- Size
  
  1.1MB
- MD5
  
  7d291da9b6e5251a9a22673230884b5f
- SHA1
  
  95b9391bc0315edbd30ceabe0c272256d83bdd8c
- SHA256
  
  7d7a7efa7daf9bb3031e0210f6e66cf756f1efdf8b9a95de6ea510a0fd3df5d8
- SHA512
  
  d63b8e64a00cf247f0c2eeed224ae11b7f560cbcdeebb9aa67bd729e72947bb363db43c5fda2b4a3b11b20e04f1f196203b81193b04f394a9a8c179ce08e5cf9
- SSDEEP
  
  24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aHAyDtV4bSk7NbPA:ATvC/MTQYxsWR7aHphASkh
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2