vipkeylogger

General

Target

97675879147c218f8fa07cf6df34d9c308f058a511e3197280b8787f38c45073.arj
Size

539KB
Sample

250129-dkx1waypfx
MD5

640c1748bcfb185f4d43de5b7a7eb078
SHA1

ec9f24117a1bd99aef089cc0c0323bd8916424a4
SHA256

97675879147c218f8fa07cf6df34d9c308f058a511e3197280b8787f38c45073
SHA512

c53ec666d80c233868f0e89c184e1b3a3f69f094bc15e4afcdfeb565d77230f9b62ef67fd5f02f8322b247d8753011cb9e24bb3dde7dfa5f5ada9ba21aa881e6
SSDEEP

12288:LkS6ZBlTREbiFrRRsJI6mBpTdR9NIUjIWEd5S5vrGuX:LkS6ZPTNvWinIsIWGSxB

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t
Email To:
[email protected]

C2

https://api.telegram.org/bot7323823089:AAFBRsTW94zIpSoDS8yfGsotlQLqF2I6TU0/sendMessage?chat_id=5013849544

Extracted

Credentials

Protocol: smtp
Host:
mail.vvtrade.vn
Port:
587
Username:
[email protected]
Password:
qVyP6qyv6MQCmZJBRs4t

Targets

- Target
  
  HAFEEZ CHEM GROUP CO.LTD.exe
- Size
  
  1.0MB
- MD5
  
  065898099311d94907e242c9f4a59935
- SHA1
  
  f1657569ac07a17a47ce75e9c2ce412ae4531719
- SHA256
  
  e824bf026bb0d12fbea0ab8fee5987455d7e4d330a89bb2c477372a84268f29c
- SHA512
  
  c4afce88a8bc0c47830b384d83591f5a3c82f608e068f12507654e4c49692a3911ab8e4c56ad4be678c04224298c3cec9b4ef9e7c1f7268994df44c932c01d1f
- SSDEEP
  
  24576:oAHnh+eWsN3skA4RV1Hom2KXFmIaLwLPExgFR4G5:vh+ZkldoPK1XaLw5FX
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2