vipkeylogger | 26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2 | Triage

Sharing

General

Target

26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2
Size

1.6MB
Sample

250219-n1k2cszngz
MD5

59119f37bec2cdea4b2777f4afe4a203
SHA1

1d073a3170c9f2425df56ca08e1a00ac2d526246
SHA256

26452bc527e96dc49c07a506f363c92ad485dc087a1d5c6ad4e5c64c1b463ef2
SHA512

7c7e634aa7f27fe091de2e6da782e5ed462ad10eefa22794f017c838674f1ad84de7ebbaf91d492cb45600fe0d8abd84d850719963ca488835ab135c80504e5f
SSDEEP

24576:MQHwY+TNIkEvqdyZqJ4xJku/EA/Vx/uYgXht2CpX0kze+b8dTWIFUbcJ5K7ztPv0:3HJ+JXKxqGJkpIJyhrpp2TWIZJ5M9Mum

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.groupscrea.com
Port:
587
Username:
[email protected]
Password:
cletus1905@
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.groupscrea.com
Port:
587
Username:
[email protected]
Password:
cletus1905@

Targets

- Target
  
  BugSplat64.dll
- Size
  
  2.3MB
- MD5
  
  c36e1b5e650a2e7e39fd21810c5241c6
- SHA1
  
  10a46eef8fff8649f033b7ee384d07ec1731ce46
- SHA256
  
  bdef53d0639ed649de39c7c563cacc8719f3e00ee3e4812f9e70b1960af2aa59
- SHA512
  
  e5ead01702f4611b92a888421f38e93a37f91abbc7b77e6d1c0f0b7380d910973c7487cc69f03f6071d34e9f62b55e277bcaf4069a8110370917015a7f850897
- SSDEEP
  
  49152:H2eCOrHIEEE3hnMlmLSSms9k80o51A17cy7Prcl4dy:z3SlmJxMy
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  PO202501B.exe
- Size
  
  255KB
- MD5
  
  2a39ab7049226dec986fa602a26f5372
- SHA1
  
  f0baf3b4f1dbcc6dd21e6f1279c741c0051c03cc
- SHA256
  
  ad4cd780bd7accd7482dcf6222910aafee971c7ab870ebae0022d51b237fa5cb
- SHA512
  
  5190d06d07b72f8ebaf326b6c0fcd85963afe598be499afee11881905ded944b58829a6ddc85a94f75621e5936496e151a1d8b4b96d12d38148a1f256841dafa
- SSDEEP
  
  6144:WIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGj:hz7KmH9tp1
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  vcruntime140.dll
- Size
  
  84KB
- MD5
  
  3e746699828f9e9aab45b8f1c3cea4a1
- SHA1
  
  5ba84f26e47670c865e21e3303a28e54608475d3
- SHA256
  
  de6ca787d0e0a30810fea570db867199d32ed71867e1c36a0f58ed71d540f035
- SHA512
  
  ecc2c06a96661f063bbce91c5a7239e24aae3a5924ebb8773cef3d9e1d332959612bd052991ace98700d25912266ee39ee93ab623befd20f548d62f451426218
- SSDEEP
  
  1536:ca0fOoqCbITyAAAmYIihE7Ka8maPKMOB0Fc2/ecbQ7qdWdi/phl:cnTbuyAzhphgLcBOGFxecbQ7qSi/t
Score

1^/10
behavioral5 behavioral6
- Target
  
  vcruntime140_1.dll
- Size
  
  35KB
- MD5
  
  f124d735ebff3330b5b6cfa7df1c17be
- SHA1
  
  ad9cba122a47a4be8c3ec3ac6ce2d920f7e40baa
- SHA256
  
  d34288fcb286d4e2056f969767a65f09cf6e71ad27fe3af4edd1584cd95fd55f
- SHA512
  
  e5f1fd40b28861f3f7e5851e47b60a3035216129e0491f112e8ebc4dacd4c890a06caead8aa7d4ae7b64bd2b0c08e1ba17bad924534fcedec406895ca8af8c09
- SSDEEP
  
  384:lbPvL6j8qS3RZ0IQ8tq7+B5Wjfy4hGCrNWrSVbWENXfGj5y85xIam4WrNNW7QHRV:BvGj8qSBoEiy4hvCsjNveIamvW8JuW
Score

1^/10
behavioral7 behavioral8
- Target
  
  vcruntime211.dll
- Size
  
  370KB
- MD5
  
  01d2846cc9c0890ab4b1d5cae6612422
- SHA1
  
  fbe0e10e7dfbf941e945a464cd471e54f9ae5f08
- SHA256
  
  cb0fcb63e87b9a39739f7c94f4608554e9735596f48c3d93208107dbf3be6253
- SHA512
  
  201a2c84a14772bac815f2e757b30831dc3b232276173921ce9deb60a3d23966d592a364a428fb6a87e61c8cea1179706f0dc9f9c3fe7a776dbd2453ef0325c1
- SSDEEP
  
  6144:KbA8X2U16wtXUCpdRnTD4GnIKhpSSAbT5WR3HwpwdKM/v6ACmZjKxU3dAmmud/a8:KZX16wFTgGnIKXSDb0JX/3NCm973lmQ/
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral3

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral4

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10