vipkeylogger

General

Target

59184c01731f088d6a7d1de50c766c535073288bb6e69efc3a3bb51ba062524c.rar
Size

695KB
Sample

250220-dkq8bsvpcj
MD5

e19f6ccbdef04b8c2d45cff88628ef54
SHA1

e688ddd18719840dac1da5262606efea37aa12fd
SHA256

59184c01731f088d6a7d1de50c766c535073288bb6e69efc3a3bb51ba062524c
SHA512

4ad9761512947a1e9336a2f295114991bde418e5100efc6f64d50106584286fc9e2e4df3e47860216a93dbefa8aff01e41489614a72a09e94a92164ab3eadfb5
SSDEEP

12288:YiG4kHvriNHvxIc6c7L9jFH2d8hpxFjBqCbdQEIz3aAXR4F4UQ4anu6Ea2z:YbGtCc6sKWhpLjzdnAXR4Fmxu6E7

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7371892501:AAE6c_q-yLsVj82ZZEmMuRlQtTm95MBjCz0/sendMessage?chat_id=6750192797

Targets

- Target
  
  RFQ 009742567.scr
- Size
  
  796KB
- MD5
  
  35445a4062d47231200e45b71ad74986
- SHA1
  
  a7f1d388ae36520b39fefeb93de291f92f45e02f
- SHA256
  
  4aee0546da115d551dd0bbaf2c59f17fde0005196484a6a8b6ebdaf0b2dea1b9
- SHA512
  
  448699aab1a7818bdcfd3a4771e23441b6f6da6630e24755e957842935846b69d883fe67835319e60b1947855a6070df5df18b0286d8d5100cfd6cf12781ccd9
- SSDEEP
  
  12288:Xgvbbnb4Y8+3twFTxRZrvqBVq62AaT+jrTajNYp84XhENJo4zMG3Q1e0lUZ:wDzEFTRvkqtAYSPrHXhiJo4zVwC
Score

10^/10

vipkeylogger collection discovery execution keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2