vipkeylogger

General

Target

2B34AD054E9DDE8CBC0ABFBE1379A7F0343CB32D92F3411EC2C2FF02AE5673DA
Size

1.2MB
Sample

250103-jng2qaxngp
MD5

66586f95954cb8312b27b30e54de85fb
SHA1

915d491b8db930ee10b6cde8794cbcee301d2779
SHA256

2b34ad054e9dde8cbc0abfbe1379a7f0343cb32d92f3411ec2c2ff02ae5673da
SHA512

58b6769a3e95306eed970861fd37b4f2f5c336779948c591250ae853fee3dfda693ef96fff6062057da6d14c354fc541305972fe90180734b3963d7d8bbc55cf
SSDEEP

24576:5qDEvCTbMWu7rQYlBQcBiT6rprG8avWCQRBGzYJUPWM+fk2m8L:5TvC/MTQYxsWR7avWbBGzrZIJm

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.orchidexports.biz
Port:
587
Username:
[email protected]
Password:
WFnE1S3uxpnc

Extracted

Family

vipkeylogger

Targets

- Target
  
  2B34AD054E9DDE8CBC0ABFBE1379A7F0343CB32D92F3411EC2C2FF02AE5673DA
- Size
  
  1.2MB
- MD5
  
  66586f95954cb8312b27b30e54de85fb
- SHA1
  
  915d491b8db930ee10b6cde8794cbcee301d2779
- SHA256
  
  2b34ad054e9dde8cbc0abfbe1379a7f0343cb32d92f3411ec2c2ff02ae5673da
- SHA512
  
  58b6769a3e95306eed970861fd37b4f2f5c336779948c591250ae853fee3dfda693ef96fff6062057da6d14c354fc541305972fe90180734b3963d7d8bbc55cf
- SSDEEP
  
  24576:5qDEvCTbMWu7rQYlBQcBiT6rprG8avWCQRBGzYJUPWM+fk2m8L:5TvC/MTQYxsWR7avWbBGzrZIJm
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2