vipkeylogger

General

Target

PO202501A.zip
Size

6.9MB
Sample

250122-l6wzps1rfj
MD5

ed20f5e19ddb0017385a7bca37003fe5
SHA1

662c42db572081a5c4520870b33c0ace98a316f9
SHA256

372dc76e6d84b69619af43c61f21cb2fa5e0cd5ff8d0025c00858c16854ad077
SHA512

c025a3b9bfa0ad789360c101e8cf7ff15d726894a6a04c0bc5685e994ce716c12b7fc436ae57555eec9963f1aa9aa85d7db738e9003fbae2d2d46383a117dd5e
SSDEEP

98304:J6bunqIas8R6oPuD1YyaKaNqlhK6CM2yZpePlYmhHLpye+QjmuypsWYkxt2XhoAL:J6anattmeNKaNqlxSyZ8Pm0kQjk8XfL

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7328132851:AAGjxJzgHhOy6CKcH2zQWuOPw-Si4v2MtvU/sendMessage?chat_id=7467176655

Targets

- Target
  
  PO202501A.zip
- Size
  
  6.9MB
- MD5
  
  ed20f5e19ddb0017385a7bca37003fe5
- SHA1
  
  662c42db572081a5c4520870b33c0ace98a316f9
- SHA256
  
  372dc76e6d84b69619af43c61f21cb2fa5e0cd5ff8d0025c00858c16854ad077
- SHA512
  
  c025a3b9bfa0ad789360c101e8cf7ff15d726894a6a04c0bc5685e994ce716c12b7fc436ae57555eec9963f1aa9aa85d7db738e9003fbae2d2d46383a117dd5e
- SSDEEP
  
  98304:J6bunqIas8R6oPuD1YyaKaNqlhK6CM2yZpePlYmhHLpye+QjmuypsWYkxt2XhoAL:J6anattmeNKaNqlxSyZ8Pm0kQjk8XfL
Score

1^/10
behavioral1 behavioral2
- Target
  
  BugSplat64.dll
- Size
  
  14.2MB
- MD5
  
  946cefc76131918251e84ff417ad4736
- SHA1
  
  e2f711559b08889426eb22d2ff6756e52c2c719d
- SHA256
  
  c543557199efbd13ac131a7a4676660bce4ba9d06109af6464d22c44935c86a1
- SHA512
  
  62cbf241f4d266c3f1952bdcee16e54a0b9dfd4632b7d7cc6befd6d7c94d999349bb26088625bbb08d5d93c9450b5c59dade17b17231c4515d995e8ccbbc17a5
- SSDEEP
  
  196608:yUt2dD+yDfThRq5mt931hN8clGkkizbqup+d:yUt2t+yDHqq7YriKupA
Score

10^/10

vipkeylogger collection discovery keylogger stealer spyware
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  PO202501A.exe
- Size
  
  255KB
- MD5
  
  2a39ab7049226dec986fa602a26f5372
- SHA1
  
  f0baf3b4f1dbcc6dd21e6f1279c741c0051c03cc
- SHA256
  
  ad4cd780bd7accd7482dcf6222910aafee971c7ab870ebae0022d51b237fa5cb
- SHA512
  
  5190d06d07b72f8ebaf326b6c0fcd85963afe598be499afee11881905ded944b58829a6ddc85a94f75621e5936496e151a1d8b4b96d12d38148a1f256841dafa
- SSDEEP
  
  6144:WIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGj:hz7KmH9tp1
Score

10^/10

vipkeylogger collection discovery keylogger persistence stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral5 behavioral6