vipkeylogger | b6020fd60ba9ad27209b47f66f4bf758d9213ea548cde4df5b4286bce2ed6511 | Triage

Submit
Reports

Overview

overview

Static

static

3

Shipping doc.exe

windows7-x64

3

Shipping doc.exe

windows10-2004-x64

Sharing

General

Target

Shipping doc.exe
Size

1.7MB
Sample

250224-nbmtnayrv6
MD5

03abd0cca28167fb96a1808687c515c6
SHA1

67654d6d764c5cf81295e358fb46d28653625ee3
SHA256

b6020fd60ba9ad27209b47f66f4bf758d9213ea548cde4df5b4286bce2ed6511
SHA512

19bfd8e1eb1c8a110f0efc1ef515e4b86ad774e6bc873984d1e97eef040786055cb6b4ec948dfa50f09dee462f7d4f405848e2b4ffa1b0d8abb91996a7368c7d
SSDEEP

24576:yeAZV1fWs8IiwTqN/vXatODhIf9yqt0xkAXTFHut+b7IOIPM8tJeiGDsNbSTPtEU:yryqotk9yqt0b5HHHIfhJedsoTy

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Shipping doc.exe

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shipping doc.exe

Resource

win10v2004-20250217-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
webmail.gvictery.com
Port:
25
Username:
[email protected]
Password:
Hong1357@J
Email To:
[email protected]

C2

https://api.telegram.org/bot7452517787:AAFRCQzX_IamMx-kAJG8lXDhSv2cnnBqR7U/sendMessage?chat_id=7256026967

Targets

- Target
  
  Shipping doc.exe
- Size
  
  1.7MB
- MD5
  
  03abd0cca28167fb96a1808687c515c6
- SHA1
  
  67654d6d764c5cf81295e358fb46d28653625ee3
- SHA256
  
  b6020fd60ba9ad27209b47f66f4bf758d9213ea548cde4df5b4286bce2ed6511
- SHA512
  
  19bfd8e1eb1c8a110f0efc1ef515e4b86ad774e6bc873984d1e97eef040786055cb6b4ec948dfa50f09dee462f7d4f405848e2b4ffa1b0d8abb91996a7368c7d
- SSDEEP
  
  24576:yeAZV1fWs8IiwTqN/vXatODhIf9yqt0xkAXTFHut+b7IOIPM8tJeiGDsNbSTPtEU:yryqotk9yqt0b5HHHIfhJedsoTy
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy