vipkeylogger

General

Target

e036b840f2d4ce7a8e097d3f8309d2363239f837936161ffb9527cec62987f87.exe
Size

1.0MB
Sample

250110-rx8j2axkbz
MD5

cb47b81059d6e0b15ad2ab00c3491c48
SHA1

4cf91a5e49a4d17f2c0d35bc52dee15ecdf155dc
SHA256

e036b840f2d4ce7a8e097d3f8309d2363239f837936161ffb9527cec62987f87
SHA512

ecce445bbe23f600d09357df1cd4488f958be9e2981b68a2dcba82dc41507f2b5f391ab97c7f13418b638b41f7dbb5e8d8d8946f317090d72b715eb23067d6ad
SSDEEP

24576:Du6J33O0c+JY5UZ+XC0kGso6FaPAlbrjFTSd7DqBWY:Nu0c++OCvkGs9FaP6FTy7D/Y

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7489657060:AAEq5tTUQiWuuifDLGy6qn_cJN5txd73Csg/sendMessage?chat_id=1886630858

Targets

- Target
  
  e036b840f2d4ce7a8e097d3f8309d2363239f837936161ffb9527cec62987f87.exe
- Size
  
  1.0MB
- MD5
  
  cb47b81059d6e0b15ad2ab00c3491c48
- SHA1
  
  4cf91a5e49a4d17f2c0d35bc52dee15ecdf155dc
- SHA256
  
  e036b840f2d4ce7a8e097d3f8309d2363239f837936161ffb9527cec62987f87
- SHA512
  
  ecce445bbe23f600d09357df1cd4488f958be9e2981b68a2dcba82dc41507f2b5f391ab97c7f13418b638b41f7dbb5e8d8d8946f317090d72b715eb23067d6ad
- SSDEEP
  
  24576:Du6J33O0c+JY5UZ+XC0kGso6FaPAlbrjFTSd7DqBWY:Nu0c++OCvkGs9FaP6FTy7D/Y
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2