vipkeylogger

General

Target

fef805cfe8df23b5e42e59c3505ba7b9014c2cf3e9ac9346b3badba3c086053c.exe
Size

1.1MB
Sample

250109-ex7araxrhy
MD5

eb8c8acae9d3a669129902384f5335b2
SHA1

f0f9aa5f20c2721eacc7e2b660c46b585b653ee2
SHA256

fef805cfe8df23b5e42e59c3505ba7b9014c2cf3e9ac9346b3badba3c086053c
SHA512

5c62016f2b7b6fbfdba82539effc1c9dd65e0a3bc0df92210637d500562cfae01572866578a57d080c3247433da0f5845688adef74fd7467d08c7ba564c74fa3
SSDEEP

24576:9qDEvCTbMWu7rQYlBQcBiT6rprG8aeMExfQ:9TvC/MTQYxsWR7aeMk

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.gtpv.online
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  fef805cfe8df23b5e42e59c3505ba7b9014c2cf3e9ac9346b3badba3c086053c.exe
- Size
  
  1.1MB
- MD5
  
  eb8c8acae9d3a669129902384f5335b2
- SHA1
  
  f0f9aa5f20c2721eacc7e2b660c46b585b653ee2
- SHA256
  
  fef805cfe8df23b5e42e59c3505ba7b9014c2cf3e9ac9346b3badba3c086053c
- SHA512
  
  5c62016f2b7b6fbfdba82539effc1c9dd65e0a3bc0df92210637d500562cfae01572866578a57d080c3247433da0f5845688adef74fd7467d08c7ba564c74fa3
- SSDEEP
  
  24576:9qDEvCTbMWu7rQYlBQcBiT6rprG8aeMExfQ:9TvC/MTQYxsWR7aeMk
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2