vipkeylogger | 075d37e052d656828018b24cf0cefe9c0674eac26d9f7f3501a6eea34d2c2dc0 | Triage

Sharing

General

Target

075d37e052d656828018b24cf0cefe9c0674eac26d9f7f3501a6eea34d2c2dc0
Size

679KB
Sample

250116-n1wsvsypcy
MD5

6f4f2ae436fbeb28e5469cdba3e54e15
SHA1

1a0a32a036c4743c75dd0799bc9d66afc35bda2f
SHA256

075d37e052d656828018b24cf0cefe9c0674eac26d9f7f3501a6eea34d2c2dc0
SHA512

3758b3f2d185ab1421d2395e6add075bc5c9775a15d667f47b010b6773da88746f58902d87aa02c98bb428ff2b965d5619e5a2ad03e6734688be6d152efd0ec0
SSDEEP

12288:eA1IgIohG4jUjeP13pBYRVOIzSFNVcWdMU9PSO3Tj/jlDmsM3ICCAY3TG2uis+h8:eYIgIohG4aqDvx8gfj7thM3lF2iq63

Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.vimet.com.vn
Port:
587
Username:
[email protected]
Password:
auHM5EXeLggV

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.vimet.com.vn
Port:
587
Username:
[email protected]
Password:
auHM5EXeLggV
Email To:
[email protected]

Targets

- Target
  
  SWIFT ADVICE - TT BANK PROOF.exe
- Size
  
  742KB
- MD5
  
  2bd7d2a629433ed5590d573705695674
- SHA1
  
  03c3cf93ece17a5430b68ad280f5a428dd525a21
- SHA256
  
  2a797334390041e452211a8b208ed46fed6142f6bec51585f2f42c7197b33899
- SHA512
  
  ec8a2e1d4da08186af17a0c3a41259bdd9853c0b2480a4dc99595d78728040da25b5f3ac72d5edc8610afdefb2e892404549a0b6946465c1219793744ce6cb79
- SSDEEP
  
  12288:uPYRxA4Y5lyA/BxSPChU3IpFro4s+R2SFlVKWdMi9PSU3Tj3jlDIsM3SCCIdwPJR:fRU0Ip86leWLjztDM3raPnlT5
Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerspywarestealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerspywarestealer