vipkeylogger | f266e2fb3de7c85ece28032317f577ea730183e1ccc6e597005615b355e7b60e | Triage

Sharing

General

Target

f266e2fb3de7c85ece28032317f577ea730183e1ccc6e597005615b355e7b60e
Size

14.4MB
Sample

241225-ntm75ssmdv
MD5

8b316db4c0244dd1ba1c3aea2e5ec4da
SHA1

fc5998837d29c05dc6c4437065ab0e55de11e71e
SHA256

f266e2fb3de7c85ece28032317f577ea730183e1ccc6e597005615b355e7b60e
SHA512

eaa51828945051a05df0b2486d4c8af8f56bdef0958174b24a86b2a76c4086cd20dfaf9ad66632cfac5ace00038e01f88329a1377ec664cb3fa7dbde1c100279
SSDEEP

393216:xWjVLHi5PkSftV6I9N5VOkh2e4uqsVXmchHKKNXrZAaqFQvHSW2e:xOhHi51b5njRqsVXmUHpBMLW2e

Score

10^/10

vipkeylogger discovery keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Targets

- Target
  
  DllErrorRepairTool.exe
- Size
  
  2.1MB
- MD5
  
  39981c3bec2c827df8b61950ec1c0316
- SHA1
  
  2b17d01951d2b821344ca25d7d25f5f19f0acac4
- SHA256
  
  a3f332cba07121cd17706ddd005087946d643201b3fa55678a8a816801f47d41
- SHA512
  
  ed8293a512895798bd74c96705e1fb03764d1574e99ffa4d29320c7745e6478e33e03991a3c6c16b3d8793c53bdf16aaf3449ce5f9c077869675243e853293d1
- SSDEEP
  
  49152:WIr3mzQXkuU3D9Aq66e3Rak9Aq66e3RaW3w:NDmEXkZF66d+66d+w
Score

10^/10

vipkeylogger discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
behavioral1 behavioral2
- Target
  
  DryIoc.dll
- Size
  
  776KB
- MD5
  
  1cad76d5b36d808193e8caf10b522f1b
- SHA1
  
  6ed1060996acb01ad57f2c5da5513edcfc8b6738
- SHA256
  
  538259ac00943f78b94a723b65b46f0c6b9940dd64500fb335e9444322c9746e
- SHA512
  
  7631f7dd836d8880fc1d629fc958fccae278b4b1524bd0c014609f14eb97f7b8c335fea209e419819de429ae5b518e6aadc8e48dcbd532f8484aebcd544d13de
- SSDEEP
  
  12288:GC9dYUwD6b+y47Aw/nJQxG2mn/njY0eF2b6tPw6Ce3s8NnjcvQAtH67/ehNkwu3W:TMAw7/njY0eF2OtPw9jK/aNkMlP
Score

1^/10
behavioral3 behavioral4
- Target
  
  LenovoSdk/x64/LYSDK2.dll
- Size
  
  3.3MB
- MD5
  
  8412cb29ef8ff819a1fa5b1e9ed0e2a8
- SHA1
  
  889a6e17e0a5a3e667d48743e13692a861ceaf7f
- SHA256
  
  6647f66dbc3913af922f8544e297a67ecbb8c010ad26791d74f3af85d3d7c667
- SHA512
  
  3aec0553a70309c1efc4967e9da807d23ec28a0ab05d8cb982223dc3c4c77fe0ed2f7ba5abec92f61486088b87dad7daae3d5ecdcb5e2a36b64b894f75e33228
- SSDEEP
  
  49152:/Z/YEZ+OCaXWDaShlSYCrh6pKR6w2OWt2HsjBAkmWQ7nyLPfQYwJvECooPvz8t46:B/YEnC7DoTD/ytwJY5
Score

1^/10
behavioral5 behavioral6
- Target
  
  LenovoSdk/x64/LsfSdk.dll
- Size
  
  6.3MB
- MD5
  
  8ba8782b403fe486fd3a1f643986fe4c
- SHA1
  
  12a4e785269470eb192b9f9249795f435ef5c7c2
- SHA256
  
  af0100fd16fbb0e6fe3fb1d5405a9b01ae8895ef86753bc49a5aa1b2ff1b8304
- SHA512
  
  176d25af436a09cd50dd01b1c43b7ceb8c7ed8212479a61fa124accbaeb2a32aae3f97792cd8a68743bc66e5f60fa19b2b58ae015207759f59456664f0d8ec8e
- SSDEEP
  
  98304:4Be5WFNy4DAsBUewNKuTrqnWv+6rJHl+1LD59L/wB:PaaqWvzJHl+DHjw
Score

1^/10
behavioral7 behavioral8
- Target
  
  LenovoSdk/x64/WebView2Loader.dll
- Size
  
  133KB
- MD5
  
  2e3f0bf9337083a32aaa5dc68dd1c3bf
- SHA1
  
  72e669417245b7b6918cbd379a7ce9675bf445ea
- SHA256
  
  fdf978ba706578b05967d7f0181f462147864a5aa74f36016a62cb3d3dbe6909
- SHA512
  
  3b06ab9ccd07b95d2a5e1a4fd673978d24146692a07dbdc5fff19c15e140d7304c065c35be7fa08850c7d4586effec6586f87515e3f3c074b7a5b9796a58631b
- SSDEEP
  
  3072:kPzSYWDiiK+shdkt7E86qWBgbFCAg3esIDKEtn2C85N1d3j:FDicWdCD65BWFCEt0pj
Score

1^/10
behavioral10 behavioral9
- Target
  
  LenovoSdk/x64/ludp.dll
- Size
  
  1.8MB
- MD5
  
  53a2aae20a39413ffd380a05a0ccb3c3
- SHA1
  
  45bf47062669c9bcd056f2cd23e12b6a649e2866
- SHA256
  
  23faf60e214e1c7f19ac3aacd339f6c82311d6d50b07a509b54ffe7c20de0b60
- SHA512
  
  19c7f3b101eaa9280bbe25b7dfb0a0749bf020839961b3f37a120d877c2a15c69c8e5a5776696db09c2b8ddedbaa6521edd50a0e81a22933fa013a1a1651e92e
- SSDEEP
  
  49152:fGtlqpfoJPtGx+YK/NkhkIn2oV8CeBxJTpe4:WRYKVkhZV2j
Score

1^/10
behavioral11 behavioral12
- Target
  
  LenovoSdk/x86/LYSDK2.dll
- Size
  
  2.6MB
- MD5
  
  d4629463ab7d0b655c4ae8090a979561
- SHA1
  
  1cb5ec0aacc5063f6ea8a93c0e137fa22677a72b
- SHA256
  
  bc3e86c712aa6827d10d9df6e8571f1880b2e705222abd8355a83966c7c9410d
- SHA512
  
  6d4b1ae7bebc01be653c881627530accf568ca1fd380ad8350f0802374c4cb198d12956131a7b85f59523106506445b81c1c2201ff5af6fa59de4aa81f94d718
- SSDEEP
  
  49152:piHGiseUq0YOdJ7HLzLGP4zLarwfYHWbUsVRjN3BtW+ZB:pUKdJrL/XarwftB
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  LenovoSdk/x86/LsfSdk.dll
- Size
  
  4.8MB
- MD5
  
  f16006f1c902f23b4afcce5123564955
- SHA1
  
  94a58044ca8f0f84a598ff4145019caa06f856c6
- SHA256
  
  6bf07a7927c7ec501e1b2d76af0c0bb83228c6267992e15117214d07d83ebeb4
- SHA512
  
  85f101f3bec37930cd8bbdc638212e9a6d0f028d6f6937ff15111471da957b7b83a62bfac676210a6112e86f9ca9ff1f34d2300a46fe241798ba04e0c77808ea
- SSDEEP
  
  98304:hMU0nTXvOcZeTYsHMWaj9HiSPtqXnJSjjWtCrVLhbAlcfGv5iXEQd+4GuWpPBY:SU0nTXvOcZeTYPBrtqXJjwVGcK4GuW9S
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  LenovoSdk/x86/WebView2Loader.dll
- Size
  
  104KB
- MD5
  
  29938d9e2f27e281dd8545ad364e6fa8
- SHA1
  
  25aa113097aa11e13442b7c8893631d7f5fe2f06
- SHA256
  
  49c0650616eadfa63394558cd1d3ed9f64918d5ed38ab3ef32ad0249283df0ef
- SHA512
  
  6dadd004471554a160528b509bc2b3382d535e9b06208de22ad4d1079cece9a3f9948ed005730195f1a40f973017ab0c3312bcb2de16dc7dcc199c741e082672
- SSDEEP
  
  3072:Q8oKJ5W9LqSv6CB8GP1TZqoc6Y8DbEt+9JMkMluW:uKbsL8G2+EtWJkluW
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  LenovoSdk/x86/ludp.dll
- Size
  
  1.4MB
- MD5
  
  c6457e2c0a89995c345ecebe05823d84
- SHA1
  
  926dc7a9ec090f07b82d2966379cc4afa96862a1
- SHA256
  
  5651d4bee101c542f3188a41a987cd8250edd09c2478e1632655702a5f9ddfca
- SHA512
  
  cab5d449d07cbbd3a8d21219dc14a097c1145ad8d7aae6c2859fd6faa09802e488b0319202a2ad62a826fc3427038b8bf5f82fd14e7ce5a2cca8d28ceab68cda
- SSDEEP
  
  24576:JV8wfHjCAq3MN4E6J/gTApBLkIIVWHy+3MXVj3s8oZX5Yxe2qywPIbn9YCbEuPT+:bV8n3wrHNd0seOpH9lKEq455Q
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  461KB
- MD5
  
  0901d7f2f8b621433f3eaee6a63cb8d1
- SHA1
  
  12bf14a2ad26f568f78e4a9304234a6a990757ba
- SHA256
  
  c6feb73ec1cb9271f2004d2586fe1833621a0fcd3d04a6fc1dcf08557d634ac0
- SHA512
  
  e428770009468c5e48e843031758d2ec2af3ceb3c0614248b17e90105415d7ddbf9783e5cfa77738731cf3aceaca788afa7405944dea0af3247ac5f0a4638b40
- SSDEEP
  
  12288:5MYWHzByTrx3YSi+iKmRFNge1+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1SW:5HWTBFI
Score

1^/10
behavioral21 behavioral22
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  3c9b7577684a73da6b03ee48438a9af4
- SHA1
  
  d889940dc0960eec990e9c2f47270cc5566d5e09
- SHA256
  
  fe0782a637c76982ca040bea1eb19b590c28b006866b38d70ea39199825b64cf
- SHA512
  
  49dcf78cd4c583fd91a44f6ef56678fd95a90e6e4dbaf81a1481b7fa5318e9cb18ed85be2d74a8f83b52a6f3a6302c196d989be7161aaf231295f0499ab0024d
- SSDEEP
  
  768:cNGbP6+wT3tcZDgcEST3p4Jjrjh2jJFSUyauYv1JKia5/Zi/WGQKVu6besgE7wwM:gGm+wtcZDgcEST3p4JjrjaJFSUyau01I
Score

1^/10
behavioral23 behavioral24
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  43KB
- MD5
  
  611c83edc9a644a30a09b0dff410908f
- SHA1
  
  b6abb1b2bb2bb13d887a7f7ff03f815772f98818
- SHA256
  
  f66bba17bae3df35d2330bc3ca252419207dd61f5a4f726151d577adc2ddb8a8
- SHA512
  
  fc819fbe97adba5b12cec93aa6e15e1921f7ab36a492d6e4f796e242bbed4dfe30135e8b05e96cb49c29a07644ec8243fc97b0bcc60102d3f7e49866877065f5
- SSDEEP
  
  768:4+1TnX0ebrQYK+14v0td1EXp5+eZ8lcDP/ryEH0yBy4JjrD1h2j5h3URGvkz7FKi:TX0aBK+1IFpZ8lcDP/ryEH0yBy4JjrDf
Score

1^/10
behavioral25 behavioral26
- Target
  
  Microsoft.Win32.Primitives.dll
- Size
  
  20KB
- MD5
  
  76b8d417c2f6416fa81eacc45977cea2
- SHA1
  
  7b249c6390dfc90ef33f9a697174e363080091ef
- SHA256
  
  5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695
- SHA512
  
  3b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7
- SSDEEP
  
  384:/N9VWhX3WsQBm0GftpBjvmaQHRN7YlgaGn7rJd0:1GmViYL0Gff0
Score

1^/10
behavioral27 behavioral28
- Target
  
  NamedPipeServerStream.NetFrameworkVersion.dll
- Size
  
  22KB
- MD5
  
  761c8528c692239f8d95fd987623ef35
- SHA1
  
  3f17ff8874cfa5ea32e38a22c0348e688eb5d80e
- SHA256
  
  f4fa088b639bb0a06ed823a541fe36c653aaa84b5a59522481eadb219ce4a07d
- SHA512
  
  4f0ff4ef66e40c293da4bf619864952c6de45a26b7601bbefc1b92f0749195bf29c297d58ab2da9a3f81904f38951b3710fab8b8e1dcbd65396006d9327b48f6
- SSDEEP
  
  384:+ZjWCAgD27jlIbMQv/u2WuFRnK263v4QPSn8SJIVE8E9VF0NyTLb:YPDmjSa2TcF4Qgl2E9
Score

1^/10
behavioral29 behavioral30
- Target
  
  Netpower.Analysis.dll
- Size
  
  70KB
- MD5
  
  ebdc61da5b7e69ff1c6c232d4cd7c909
- SHA1
  
  38a26d8703afcd3c1d0d90607ba3e4dbe93348fd
- SHA256
  
  7735b9c4292221d0c13fd6f82a65985cf2548e9270ad05aef6b8b5009bebf75b
- SHA512
  
  1404de82f79ead7bb90ba1e96c7c93723aa18512f7d939058e9cfa50e07441ff00befa7e96d4a1ec9d0cc3a9eec6742ffc7a3fdcbd39772a9b79625a3380a976
- SSDEEP
  
  768:M4O+ObGH/NFqOoiRGuVddwZY6Ya62aqGhXaCB+nAFIqAeNh0qT1vABOfpQa6VX35:M5CvqOoWGuD47yFGqAO9T1vxQaYY4YPO
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

keyloggerstealervipkeylogger

behavioral1

vipkeyloggerdiscoverykeyloggerstealer

behavioral2

vipkeyloggerdiscoverykeyloggerstealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32