vipkeylogger

General

Target

(Factura de crédito PCJ 26265).exe
Size

7KB
Sample

250203-kxhkaaymam
MD5

1e70f026b0c331569a4185d5705a3847
SHA1

3c4a903edea4bc5573b3bb5ef1436947b0c52458
SHA256

64addaaf98a7661110412b386b41251e01b5baabb8b693c25e5d8e8a8adcdf88
SHA512

c8411be7dac2fada1424cbd26df2c360db8efcd0e9862f91403ad7b5e472ff5de23170456f347c1435e05eac7ae6d9981e38c45ebfaebe54a137212719126bd6
SSDEEP

96:wB1Auf28Id5I5ujAl4BWLyLDDtTjYzy2jMj+NlF7+PczNt:E1AupIPI5uj7WLyH9Yzy2Yj+fF7Om

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7695797916:AAHvHT1OTmARFuJUMwBcAQZm1YulmU2m7TI/sendMessage?chat_id=6843964621

Targets

- Target
  
  (Factura de crédito PCJ 26265).exe
- Size
  
  7KB
- MD5
  
  1e70f026b0c331569a4185d5705a3847
- SHA1
  
  3c4a903edea4bc5573b3bb5ef1436947b0c52458
- SHA256
  
  64addaaf98a7661110412b386b41251e01b5baabb8b693c25e5d8e8a8adcdf88
- SHA512
  
  c8411be7dac2fada1424cbd26df2c360db8efcd0e9862f91403ad7b5e472ff5de23170456f347c1435e05eac7ae6d9981e38c45ebfaebe54a137212719126bd6
- SSDEEP
  
  96:wB1Auf28Id5I5ujAl4BWLyLDDtTjYzy2jMj+NlF7+PczNt:E1AupIPI5uj7WLyH9Yzy2Yj+fF7Om
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Vipkeylogger family

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2