vipkeylogger

General

Target

INQUIRY -HQ242654.exe
Size

880KB
Sample

250120-kxyaqs1pg1
MD5

c6c43489f393bf91583e443ba7abe9a2
SHA1

728c1ddaef19694bf7f509db6dcf77923684c98c
SHA256

86cf677cb017e9dabac429f6da02582beca7747a2971db750ee64b480be81236
SHA512

919ea7a6a732fa5bdbab3bdeb62b16eb4ab24dd0a32455aa4498dfec8d33a7745a608795b5a930f42fe20cf09d31c1c643b8e5be05546e25c72991143cdf4c03
SSDEEP

24576:tthEVaPqLKp26vHrsXLz5+5Yehl7qV0JHf91x:VEVUcKp2QsJ+OeLFTx

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t
Email To:
[email protected]

C2

https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544

Extracted

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t

Targets

- Target
  
  INQUIRY -HQ242654.exe
- Size
  
  880KB
- MD5
  
  c6c43489f393bf91583e443ba7abe9a2
- SHA1
  
  728c1ddaef19694bf7f509db6dcf77923684c98c
- SHA256
  
  86cf677cb017e9dabac429f6da02582beca7747a2971db750ee64b480be81236
- SHA512
  
  919ea7a6a732fa5bdbab3bdeb62b16eb4ab24dd0a32455aa4498dfec8d33a7745a608795b5a930f42fe20cf09d31c1c643b8e5be05546e25c72991143cdf4c03
- SSDEEP
  
  24576:tthEVaPqLKp26vHrsXLz5+5Yehl7qV0JHf91x:VEVUcKp2QsJ+OeLFTx
Score

10^/10

vipkeylogger collection discovery keylogger stealer upx
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  out.upx
- Size
  
  634KB
- MD5
  
  d67ea5285c3c56c6fdc8f2a28354bd44
- SHA1
  
  53350bfe1a1c7b668cd42bc7c1eddc4383875b85
- SHA256
  
  fcdf46fc4db849adf0b4127317d2bbc86ab9d00d1756095f7d0f98f835276c2a
- SHA512
  
  6e2c876f5102336c6ff825ecd4319bc1fb2a2343b04606d60d9640fc0c1baf3f2be1d0b3f37dd5d40d9e4df49c8299322fbc97e9b4f9f50dbcbd71f700ce16d1
- SSDEEP
  
  12288:WhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJc:GRmJkcoQricOIQxiZY1
Score

1^/10
behavioral3 behavioral4