vipkeylogger

General

Target

Vesselparticulars1111223344455.exe
Size

1.1MB
Sample

250203-kz2e6symen
MD5

92700d449462a0451151cd89117f7b5e
SHA1

0d1db1cb46c0de7c394d925a7f5709c921ffee86
SHA256

7f7936b1da52e56499ee2defe360f8fbeb2bdc5d3722f03a0bddb39e5250def2
SHA512

6014f4dc6d30776cb4b382e22317491af0d547e7b612c9058d0327efa8b3a91853becd04887fe8d337362b8961b50361a11e88fc7c650920d48b14f642c1638b
SSDEEP

24576:lAHnh+eWsN3skA4RV1Hom2KXFmIaD4JEWUSmHvmR645:Uh+ZkldoPK1XaDY4SNRN

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8043603189:AAFpR2ormgQgQpP5aDirNgZd72aHXUsGdlI/sendMessage?chat_id=2135869667

Targets

- Target
  
  Vesselparticulars1111223344455.exe
- Size
  
  1.1MB
- MD5
  
  92700d449462a0451151cd89117f7b5e
- SHA1
  
  0d1db1cb46c0de7c394d925a7f5709c921ffee86
- SHA256
  
  7f7936b1da52e56499ee2defe360f8fbeb2bdc5d3722f03a0bddb39e5250def2
- SHA512
  
  6014f4dc6d30776cb4b382e22317491af0d547e7b612c9058d0327efa8b3a91853becd04887fe8d337362b8961b50361a11e88fc7c650920d48b14f642c1638b
- SSDEEP
  
  24576:lAHnh+eWsN3skA4RV1Hom2KXFmIaD4JEWUSmHvmR645:Uh+ZkldoPK1XaDY4SNRN
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2