vipkeylogger | b128de41d4110a0035114b6372967efe9ada4e603b7405b1d14f6b1102ff49c7 | Triage

Submit
Reports

Overview

overview

Static

static

3

SHIPPING D...ST.exe

windows7-x64

7

SHIPPING D...ST.exe

windows10-2004-x64

Sharing

General

Target

SHIPPING DOC & PACKING LIST.exe
Size

1.0MB
Sample

250226-k1yexatl14
MD5

e263fc8765adb06ed960b72eeb9f28fe
SHA1

c626d2a01be9e6b604cfb8b2bcfe726b197d669f
SHA256

b128de41d4110a0035114b6372967efe9ada4e603b7405b1d14f6b1102ff49c7
SHA512

eaa047a62f9897e50f1d5b4dadf9fc8ddbb153402957dd6cc470c89fc18ccb9a3e3a93b0a3b92afe243e2b1dc2225cd98d82cbc4cfa9bd5f4003a24ec596146a
SSDEEP

24576:/RidS/zXyEbNJ+Z70sAbKK0N3FppnPp48:/RzrXLbNJQYVWH5lne8

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SHIPPING DOC & PACKING LIST.exe

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOC & PACKING LIST.exe

Resource

win10v2004-20250217-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
25
Username:
[email protected]
Password:
moneyismade22
Email To:
[email protected]

Targets

- Target
  
  SHIPPING DOC & PACKING LIST.exe
- Size
  
  1.0MB
- MD5
  
  e263fc8765adb06ed960b72eeb9f28fe
- SHA1
  
  c626d2a01be9e6b604cfb8b2bcfe726b197d669f
- SHA256
  
  b128de41d4110a0035114b6372967efe9ada4e603b7405b1d14f6b1102ff49c7
- SHA512
  
  eaa047a62f9897e50f1d5b4dadf9fc8ddbb153402957dd6cc470c89fc18ccb9a3e3a93b0a3b92afe243e2b1dc2225cd98d82cbc4cfa9bd5f4003a24ec596146a
- SSDEEP
  
  24576:/RidS/zXyEbNJ+Z70sAbKK0N3FppnPp48:/RzrXLbNJQYVWH5lne8
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy