vipkeylogger | 120d4f7fffff6a1545c5a6fd2620fb38ea16be8baf365fb25b852859bc193919 | Triage

Sharing

General

Target

Data Sheet_Technical Requisition.Gz
Size

50KB
Sample

250226-jclwjayly9
MD5

8a176047998d7b3424b7cc5652ce12a4
SHA1

4d0ffbc4826031b1f94ed99aa3ea036e50208d37
SHA256

120d4f7fffff6a1545c5a6fd2620fb38ea16be8baf365fb25b852859bc193919
SHA512

eb7abe455b0946dce351c4cd04cf797ce598585a312a3a032f1d60212273f8fb2dd0e17918f0971de48adcbc62356016a981e26a3770efdfd6a1965d37c57995
SSDEEP

1536:oaoCOLxeG7Lsd5B2/zRpnbAO8Fz+a+Rjz:oGooGfsvw7RW+Hhz

Score

10^/10

vipkeylogger discovery execution keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.gtpv.online
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  Data Sheet_Technical Requisition.vbs
- Size
  
  97KB
- MD5
  
  fb96faddeb253f2dc7f5ebc646b9577d
- SHA1
  
  f99b1242624a2f6fd10675ebcf0d434002132f07
- SHA256
  
  a1793711d90913e75edd176658b83e254324afc51e54f787aae45062363fb22d
- SHA512
  
  3c75f19bbdf9b63225928294dbbd76fab2513cc8c225716f9779b49919c204cca5c6fe56fe4a23ca31b96baec337c57099658f762f3d9e68b101236b06b77e53
- SSDEEP
  
  1536:PIqKuiFeYv5YBGz/tDFcjCf9OiLFRnTTFR1//fyszzooL5DxATTfq/C5DO:PIqKnFlYMz/NFqCf9Dnhrzv6fV5DO
Score

10^/10

vipkeylogger discovery execution keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggerdiscoveryexecutionkeyloggerstealer

behavioral2

discoveryexecution