vipkeylogger

General

Target

e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5.exe
Size

1.0MB
Sample

250111-geyxrszkck
MD5

a3d99bcf752d0b63fa8d5515a4765777
SHA1

cea1bb29d2d34f8c46fa6c9c645cc9753d5a918e
SHA256

e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5
SHA512

f7e00d50005777373d65b9065bab7cd43ae3160554165e71c2db7bf901c34eb0608cd854e35e3159d48f698470db9a58e828aa6b4c2fa79c41149fc8030cdfe9
SSDEEP

24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aT7LCjhY:nTvC/MTQYxsWR7aT7mF

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.acadental.com
Port:
587
Username:
[email protected]
Password:
Dental9201$
Email To:
[email protected]

Targets

- Target
  
  e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5.exe
- Size
  
  1.0MB
- MD5
  
  a3d99bcf752d0b63fa8d5515a4765777
- SHA1
  
  cea1bb29d2d34f8c46fa6c9c645cc9753d5a918e
- SHA256
  
  e71789b9c70a2b9bbe541baf50d4e222be0d1b1cc2b38be925c01d9169158bf5
- SHA512
  
  f7e00d50005777373d65b9065bab7cd43ae3160554165e71c2db7bf901c34eb0608cd854e35e3159d48f698470db9a58e828aa6b4c2fa79c41149fc8030cdfe9
- SSDEEP
  
  24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aT7LCjhY:nTvC/MTQYxsWR7aT7mF
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2