vipkeylogger

General

Target

Full_Appointment_Letter_USB-242763-1.exe
Size

2.1MB
Sample

250127-k8fvtssqbl
MD5

6bc20e5ed44e1066da7fc73389f5d17c
SHA1

e325da9c13eab71108e6186b3aa882ae700ac9ae
SHA256

97ae9be9adccb73c914747845b70887802a0a3d0bee383087fa468f4aa6ab73f
SHA512

af8d479d240c91035b0b69bc0971d1e88549e74e8d33a24f3cdea7e05cd292627049086c1831991e1152d25e638bd461b58923064226ada31c494d4dc432205a
SSDEEP

24576:BTyteSo4vLHAsZwI+4Q8V2wsebxfKFZ/6jgc1XYFaqouVn1s/eoX98i4H4444C:Y4H4444C

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7132042003:AAEUjvsVU50Hz9XUAuvfwzlp9oFWBYujQFI/sendMessage?chat_id=7048896986

Targets

- Target
  
  Full_Appointment_Letter_USB-242763-1.exe
- Size
  
  2.1MB
- MD5
  
  6bc20e5ed44e1066da7fc73389f5d17c
- SHA1
  
  e325da9c13eab71108e6186b3aa882ae700ac9ae
- SHA256
  
  97ae9be9adccb73c914747845b70887802a0a3d0bee383087fa468f4aa6ab73f
- SHA512
  
  af8d479d240c91035b0b69bc0971d1e88549e74e8d33a24f3cdea7e05cd292627049086c1831991e1152d25e638bd461b58923064226ada31c494d4dc432205a
- SSDEEP
  
  24576:BTyteSo4vLHAsZwI+4Q8V2wsebxfKFZ/6jgc1XYFaqouVn1s/eoX98i4H4444C:Y4H4444C
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Vipkeylogger family

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2