vipkeylogger

General

Target

LLC INVOICE 5070-01.exe
Size

1.1MB
Sample

250226-nwwbjaymw6
MD5

8030a96ed456c1dea4b4941c0ecf5dd9
SHA1

8931170259994559f57285adab7715e26915524c
SHA256

e6f951c78714289f043e14633971a4fef77decb8156bec418a77b860de440767
SHA512

15283b777c3e4bf179a744cc6f3f0a69f008b04d4edcb5751ccd35bb7e7cf524d2c433813c9b668ef790f2a2783da363e1419e3f96b3ca9348fcbe2e79b5a9d2
SSDEEP

24576:5u6J33O0c+JY5UZ+XC0kGso6FaG1F5OfPt39vTrq4tWY:7u0c++OCvkGs9FaIuN9vTmhY

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.mydinteriors.com
Port:
587
Username:
[email protected]
Password:
@Emter12345

Extracted

Family

vipkeylogger

Targets

- Target
  
  LLC INVOICE 5070-01.exe
- Size
  
  1.1MB
- MD5
  
  8030a96ed456c1dea4b4941c0ecf5dd9
- SHA1
  
  8931170259994559f57285adab7715e26915524c
- SHA256
  
  e6f951c78714289f043e14633971a4fef77decb8156bec418a77b860de440767
- SHA512
  
  15283b777c3e4bf179a744cc6f3f0a69f008b04d4edcb5751ccd35bb7e7cf524d2c433813c9b668ef790f2a2783da363e1419e3f96b3ca9348fcbe2e79b5a9d2
- SSDEEP
  
  24576:5u6J33O0c+JY5UZ+XC0kGso6FaG1F5OfPt39vTrq4tWY:7u0c++OCvkGs9FaIuN9vTmhY
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2