vipkeylogger

General

Target

Payment Advice $18,678.00.exe
Size

1.8MB
Sample

250219-rnkrlstqt8
MD5

5c9f652fa757862394cd5993283b34b3
SHA1

85bdf093144fb2e6f1f4c8c5c9d6bf50b5523e28
SHA256

657791b7f748b9280b72ae9be5b6d2f4eff25a83379dcb454722ebb5fb866199
SHA512

a1ee2c87d829f81371d1ab1a6f978a3b0f447e427145e3eab5bcc7398f8a9c80b4eeaabcf332e73fc96fa93f3ee70b1bc4b38614a27b9ccb0e912ec26ad0ad7a
SSDEEP

24576:gUQ1B3qSBzLXPVXH+H+xKvas3lkVZbEjXebU6m/b:gUARnXJHb4a2kHbmebQz

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
25
Username:
[email protected]
Password:
moneyismade22
Email To:
[email protected]

Targets

- Target
  
  Payment Advice $18,678.00.exe
- Size
  
  1.8MB
- MD5
  
  5c9f652fa757862394cd5993283b34b3
- SHA1
  
  85bdf093144fb2e6f1f4c8c5c9d6bf50b5523e28
- SHA256
  
  657791b7f748b9280b72ae9be5b6d2f4eff25a83379dcb454722ebb5fb866199
- SHA512
  
  a1ee2c87d829f81371d1ab1a6f978a3b0f447e427145e3eab5bcc7398f8a9c80b4eeaabcf332e73fc96fa93f3ee70b1bc4b38614a27b9ccb0e912ec26ad0ad7a
- SSDEEP
  
  24576:gUQ1B3qSBzLXPVXH+H+xKvas3lkVZbEjXebU6m/b:gUARnXJHb4a2kHbmebQz
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Vipkeylogger family

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2