vipkeylogger | 6f7cc91aa9fccd5e50336c8b20c016641e814cfd89e17db96d14af8a360eb294 | Triage

Sharing

General

Target

6f7cc91aa9fccd5e50336c8b20c016641e814cfd89e17db96d14af8a360eb294.zip
Size

267KB
Sample

250118-e5ekpstmak
MD5

bff4a7ac060584a3afd37fc5372adf3f
SHA1

bc0e194a91ca894498b49bb4d142900565718db4
SHA256

6f7cc91aa9fccd5e50336c8b20c016641e814cfd89e17db96d14af8a360eb294
SHA512

ba1247e0fcf243fb5213da7e6337a2db45cd53e7f61b726825e2ecfe2b1df59860557876be523dcd0ee84b40ae630c890eff0a5c4c8e37d500bfc0ce8981d6ba
SSDEEP

6144:h3E3LdeaQ2S3pVIwBYk/9QZe+iqP8FvSispujRXvZDC1O:yRM3pVIwYq1+R0+8jtdC1O

Score

10^/10

vipkeylogger collection discovery keylogger persistence stealer

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7965348925:AAGe8wdrvk9A3lxr1GIjGigodJ_zZ7prhfs/sendMessage?chat_id=6848903538

Targets

- Target
  
  PO202501F.exe
- Size
  
  718KB
- MD5
  
  4e4fb45c99a574849a086232116f8bfc
- SHA1
  
  ee52062d05ff64cb7fc57bc647535929cbe856d9
- SHA256
  
  b541d2f2c3ea6e6f3cb26bba9bf36a0034a01cbb225e794c94ff957d09991e77
- SHA512
  
  2ec98860cba067f2a60fe0e9819b390bbec6536ddbf2b06a5a9a65b8a450dba013a763b00f2a850444d92532233ec5c2c825163ea38755830c9303fea3350ef7
- SSDEEP
  
  12288:Aoe7DH/meETdAAHOPaLsegLyjR0SxJxycahXjIC72:g7DQAC0aLoL8RNrycahTt72
Score

10^/10

vipkeylogger collection discovery keylogger persistence stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vipkeyloggercollectiondiscoverykeyloggerpersistencestealer