vipkeylogger | a8c8535f49c3869518e9d62f95086e5ac36526ea61d4203aa8d2077d33ae9faa | Triage

Submit
Reports

Overview

overview

Static

static

3

New Order ...ry.exe

windows7-x64

New Order ...ry.exe

windows10-2004-x64

Sharing

General

Target

New Order 12960 Inquiry.exe
Size

767KB
Sample

250130-vk48maxlgv
MD5

5c009b0e4bb639e8dd7f5a1921f6d942
SHA1

5af4ef8bf1091d5e85016dbbd860fafd595d464c
SHA256

a8c8535f49c3869518e9d62f95086e5ac36526ea61d4203aa8d2077d33ae9faa
SHA512

064163938ad379c9bd77a38b6f64b127f67b909ae8ddc2cf0d1b88451b04b188bf4e9d47d42f42d4fe3a097dc5e2c31a6a9434a9fb7236fba6f4d7ba67ff5fc3
SSDEEP

12288:VC4sBuaYOTSwX7Ky7AcBC3/FGDetYd4ZMl7DNeNSSHkCO9X:Y4taZTSIpBdeg4ZMppvSE39X

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Order 12960 Inquiry.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

New Order 12960 Inquiry.exe

Resource

win10v2004-20250129-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Global786@
Email To:
[email protected]

C2

https://api.telegram.org/bot8066712820:AAEAb01u8B6eDO5xCMdAz6XCOHC_L2RpVGo/sendMessage?chat_id=7667424178

Targets

- Target
  
  New Order 12960 Inquiry.exe
- Size
  
  767KB
- MD5
  
  5c009b0e4bb639e8dd7f5a1921f6d942
- SHA1
  
  5af4ef8bf1091d5e85016dbbd860fafd595d464c
- SHA256
  
  a8c8535f49c3869518e9d62f95086e5ac36526ea61d4203aa8d2077d33ae9faa
- SHA512
  
  064163938ad379c9bd77a38b6f64b127f67b909ae8ddc2cf0d1b88451b04b188bf4e9d47d42f42d4fe3a097dc5e2c31a6a9434a9fb7236fba6f4d7ba67ff5fc3
- SSDEEP
  
  12288:VC4sBuaYOTSwX7Ky7AcBC3/FGDetYd4ZMl7DNeNSSHkCO9X:Y4taZTSIpBdeg4ZMppvSE39X
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy