vipkeylogger | aee37e0b121f31c8e53a9b314a06d758b1ce6b47d89f99822cdec8b9c9011d82 | Triage

Submit
Reports

Overview

overview

Static

static

1

PO20250115.exe

windows7-x64

PO20250115.exe

windows10-2004-x64

Sharing

General

Target

PO20250115.exe
Size

709KB
Sample

250115-e6w65s1mdw
MD5

b2ef32c2a7e45a8b789e66a48201d959
SHA1

062ba278f42fb6b710ac37dd2db7e88390953246
SHA256

aee37e0b121f31c8e53a9b314a06d758b1ce6b47d89f99822cdec8b9c9011d82
SHA512

8835258e9735afe52ccd08d8d95167d5dbddfabe5bd2c8025cfb1c6e8262360ddb9749eb41e9bc7cfe754cae8b27c59167febff586a8518efe09f674c3b2c1a4
SSDEEP

12288:ihnIF7MkLBbdAAMTfU8ELr6MeODi7itjdMV70:mnIFbAhsRAQjdMV70

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

PO20250115.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO20250115.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7965348925:AAGe8wdrvk9A3lxr1GIjGigodJ_zZ7prhfs/sendMessage?chat_id=6848903538

Targets

- Target
  
  PO20250115.exe
- Size
  
  709KB
- MD5
  
  b2ef32c2a7e45a8b789e66a48201d959
- SHA1
  
  062ba278f42fb6b710ac37dd2db7e88390953246
- SHA256
  
  aee37e0b121f31c8e53a9b314a06d758b1ce6b47d89f99822cdec8b9c9011d82
- SHA512
  
  8835258e9735afe52ccd08d8d95167d5dbddfabe5bd2c8025cfb1c6e8262360ddb9749eb41e9bc7cfe754cae8b27c59167febff586a8518efe09f674c3b2c1a4
- SSDEEP
  
  12288:ihnIF7MkLBbdAAMTfU8ELr6MeODi7itjdMV70:mnIFbAhsRAQjdMV70
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy