vipkeylogger

General

Target

33edda25fb107ebce003c9c5cf3e58244ae9c75326894e8d7fe6181be11e493e.exe
Size

760KB
Sample

250224-jw1h2asr17
MD5

dbc53deb1085f88b7baaa683353d6be5
SHA1

0bea8e79dfe4e9ed6047f231251cebfc34ef5d5c
SHA256

33edda25fb107ebce003c9c5cf3e58244ae9c75326894e8d7fe6181be11e493e
SHA512

f33e676294628319690cbce196d55563cac2064167e1564dd7ba32b36fdbc4b5e283aea7881f7946fbec8b8311f1bdf16a25dfcf69bcb306f639b2a1c55d4896
SSDEEP

12288:0BxgmmpFgv/kav5KneklnTpQK/fiWkNPnEHGZARW+uA:wkA1vtwTp9qbPEmZOF

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.aewn.buzz
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  33edda25fb107ebce003c9c5cf3e58244ae9c75326894e8d7fe6181be11e493e.exe
- Size
  
  760KB
- MD5
  
  dbc53deb1085f88b7baaa683353d6be5
- SHA1
  
  0bea8e79dfe4e9ed6047f231251cebfc34ef5d5c
- SHA256
  
  33edda25fb107ebce003c9c5cf3e58244ae9c75326894e8d7fe6181be11e493e
- SHA512
  
  f33e676294628319690cbce196d55563cac2064167e1564dd7ba32b36fdbc4b5e283aea7881f7946fbec8b8311f1bdf16a25dfcf69bcb306f639b2a1c55d4896
- SSDEEP
  
  12288:0BxgmmpFgv/kav5KneklnTpQK/fiWkNPnEHGZARW+uA:wkA1vtwTp9qbPEmZOF
Score

10^/10

vipkeylogger collection discovery execution keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2