vipkeylogger | 74feceb928f3cd0ca47312eac2718f4210bce399335fd341bdeb456b2a09a230 | Triage

Submit
Reports

Overview

overview

Static

static

5

PO# ENQ8864.Pdf.exe

windows7-x64

PO# ENQ8864.Pdf.exe

windows10-2004-x64

Sharing

General

Target

PO# ENQ8864.Pdf.exe
Size

1.2MB
Sample

250224-j7cakstk15
MD5

ce5d04c4d15b7ae968c0f2cd2a81387d
SHA1

4d7334d66cdff4a0f1c3ddce81db245a1e3469c2
SHA256

74feceb928f3cd0ca47312eac2718f4210bce399335fd341bdeb456b2a09a230
SHA512

4f2e621a18373f71fdcb583e4c0777be10913ec41647f12919efef5b54d762170199e2e84e347f84a447f388ba3f1b61336f0d1e607988a3b0b061645f58445e
SSDEEP

24576:K5xolYQY6Du6J33O0c+JY5UZ+XC0kGso6Faa1Bs3jWY3:dYSu0c++OCvkGs9FaavsSY3

Score

10^/10

vipkeylogger collection defense_evasion discovery keylogger persistence stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PO# ENQ8864.Pdf.exe

Resource

win7-20240903-en

vipkeylogger collection defense_evasion discovery keylogger persistence stealer

windows7-x64

26 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO# ENQ8864.Pdf.exe

Resource

win10v2004-20250217-en

vipkeylogger collection defense_evasion discovery keylogger persistence stealer

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.frmontajes.com
Port:
25
Username:
[email protected]
Password:
1Guelas+1986
Email To:
[email protected]

C2

https://api.telegram.org/bot7391124277:AAEAD7k2_c00owq0kQIitLTWNNPqqi9m41c/sendMessage?chat_id=7128988401

Targets

- Target
  
  PO# ENQ8864.Pdf.exe
- Size
  
  1.2MB
- MD5
  
  ce5d04c4d15b7ae968c0f2cd2a81387d
- SHA1
  
  4d7334d66cdff4a0f1c3ddce81db245a1e3469c2
- SHA256
  
  74feceb928f3cd0ca47312eac2718f4210bce399335fd341bdeb456b2a09a230
- SHA512
  
  4f2e621a18373f71fdcb583e4c0777be10913ec41647f12919efef5b54d762170199e2e84e347f84a447f388ba3f1b61336f0d1e607988a3b0b061645f58445e
- SSDEEP
  
  24576:K5xolYQY6Du6J33O0c+JY5UZ+XC0kGso6Faa1Bs3jWY3:dYSu0c++OCvkGs9FaavsSY3
Score

10^/10

vipkeylogger collection defense_evasion discovery keylogger persistence stealer
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  defense_evasion
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondefense_evasiondiscoverykeyloggerpersistencestealer

behavioral2

vipkeyloggercollectiondefense_evasiondiscoverykeyloggerpersistencestealer

© 2018-2025

Terms | Privacy