vipkeylogger

General

Target

payment reciept.exe
Size

969KB
Sample

250226-nxy4taymy9
MD5

98e60b3ecb07393604513032ff9cece8
SHA1

39b4a69001bb456d3134601167b031ef516c4b63
SHA256

c41935933af8366f81832e9c6239a205a1cf95c72ead834feeb1c3a2f262c8f5
SHA512

b01c40902034e650f9ad7bbb0864a9d95147bab760865623147eb0904117afa0c3c857f4fb7803d2afe3f9abd8029bce835d81d5d204f3aadd3e969fb9371945
SSDEEP

24576:Bu6J33O0c+JY5UZ+XC0kGso6FaMoSYUDFX8WY:Tu0c++OCvkGs9FaMogFvY

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
ifSg^KL6
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
ifSg^KL6

Targets

- Target
  
  payment reciept.exe
- Size
  
  969KB
- MD5
  
  98e60b3ecb07393604513032ff9cece8
- SHA1
  
  39b4a69001bb456d3134601167b031ef516c4b63
- SHA256
  
  c41935933af8366f81832e9c6239a205a1cf95c72ead834feeb1c3a2f262c8f5
- SHA512
  
  b01c40902034e650f9ad7bbb0864a9d95147bab760865623147eb0904117afa0c3c857f4fb7803d2afe3f9abd8029bce835d81d5d204f3aadd3e969fb9371945
- SSDEEP
  
  24576:Bu6J33O0c+JY5UZ+XC0kGso6FaMoSYUDFX8WY:Tu0c++OCvkGs9FaMogFvY
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2