vipkeylogger | c7f278d5004198161c0294413f000f5b938a7f969e7952aae8e48ef721e07a5f | Triage

Submit
Reports

Overview

overview

Static

static

5

Inquiry- HQ242654.exe

windows7-x64

Inquiry- HQ242654.exe

windows10-2004-x64

Sharing

General

Target

c7f278d5004198161c0294413f000f5b938a7f969e7952aae8e48ef721e07a5f
Size

865KB
Sample

250120-jfza2aymcz
MD5

18ad614c37c5cc2e17d024f4e90616ad
SHA1

fab0cf0b7afacd06c77505e151f1d2d881371b84
SHA256

c7f278d5004198161c0294413f000f5b938a7f969e7952aae8e48ef721e07a5f
SHA512

1fc3725c7535672394870e6beed14c9e3e106beb490e04986177e523051f7f1e88adc26b74a8484178a7b432dbef8ca207b7636f500b1574284711987773e058
SSDEEP

24576:LnxREv78h0MFQ+iwIeHdzJTVP1NZlTVDraes+OZQQXTqBWzqq:LQy0Mc5eHtrP7ZnqesNZQQXWc

Score

10^/10

vipkeylogger collection discovery keylogger stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Inquiry- HQ242654.exe

Resource

win7-20240729-en

vipkeylogger collection discovery keylogger stealer upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Inquiry- HQ242654.exe

Resource

win10v2004-20241007-en

vipkeylogger collection discovery keylogger stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t
Email To:
[email protected]

C2

https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544

Extracted

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t

Targets

- Target
  
  Inquiry- HQ242654.exe
- Size
  
  879KB
- MD5
  
  21f2a8fcfb4784741a505b3a71a3cb4a
- SHA1
  
  5d82ba99ccb989c76675b586bc5629ff8b2bc138
- SHA256
  
  ab158b7e9b371e301d2554b7eb3f6363cdc88efc65397343d3ef179db7e0d68a
- SHA512
  
  7fd89af9b3f20a1982a60dbd74e484b404cc5003fdc351951320f47443b168e671d73699243a060917c0fca811b61a05e88cb92367883523ac1440103dd7f244
- SSDEEP
  
  24576:tthEVaPqLWxWdbFLK6hH3gbqW2NBefa4Ts:VEVUcuTIguWut/
Score

10^/10

vipkeylogger collection discovery keylogger stealer upx
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealerupx

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealerupx

© 2018-2025

Terms | Privacy