vipkeylogger

General

Target

51a12dd99530488f1adc777e2479b57e984997635e2ba773d69ff27718bcb299.exe
Size

1.4MB
Sample

250123-d56thszngv
MD5

eff7dd3a56f73b474ab728ef0e2e85e9
SHA1

b4c80d658f496e938778db42e43dd904ec308a52
SHA256

51a12dd99530488f1adc777e2479b57e984997635e2ba773d69ff27718bcb299
SHA512

74a9b7522f17f999d84e146f584035b1413fcf637e6d8d1daf60826a6eea74f16d4397ac98f1eaed50c00d28e88f6b7acfd0b7e214df6d278d62dd525af669d4
SSDEEP

24576:mtb20pkaCqT5TBWgNQ7all4LGInoXLTBqFh+xrIKMT1JMuSv/c6A:TVg5tQ7alqLJQL0Fhhhf5

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
cash@com12345

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
cash@com12345
Email To:
[email protected]

Targets

- Target
  
  51a12dd99530488f1adc777e2479b57e984997635e2ba773d69ff27718bcb299.exe
- Size
  
  1.4MB
- MD5
  
  eff7dd3a56f73b474ab728ef0e2e85e9
- SHA1
  
  b4c80d658f496e938778db42e43dd904ec308a52
- SHA256
  
  51a12dd99530488f1adc777e2479b57e984997635e2ba773d69ff27718bcb299
- SHA512
  
  74a9b7522f17f999d84e146f584035b1413fcf637e6d8d1daf60826a6eea74f16d4397ac98f1eaed50c00d28e88f6b7acfd0b7e214df6d278d62dd525af669d4
- SSDEEP
  
  24576:mtb20pkaCqT5TBWgNQ7all4LGInoXLTBqFh+xrIKMT1JMuSv/c6A:TVg5tQ7alqLJQL0Fhhhf5
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2