vipkeylogger

Sharing

Copy URL

Twitter E-mail

General

Target

RFQ.00.014-Samples.arj
Size

4.5MB
Sample

250226-qzmvns1py8
MD5

2cccd0f04c7ab1e13aa95cbae4c0bb3d
SHA1

8734eb8d191bb4e5a090912a5a2f973fe3410914
SHA256

3cfd788d5afda6983a45caf8ca7a3b013098f287aba5aed9e41dc7250f5b7957
SHA512

5efa43b0d7969fbfe71d2208db41ff9a05a36094a23be8c399beb1c654f1859c090153466d20bf60d4fd9326649131716631a4e7bd49a2eb2ec8a9c3e7fc1f52
SSDEEP

98304:/ow8NMDyWmByeZuzuYpZXNWQxcAs8okEIPi7:/ow2WKHZuuYPNWicAssbPi7

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.wxtp.store
Port:
587
Username:
[email protected]
Password:
7213575aceACE@@
Email To:
[email protected]

Targets

- Target
  
  BugSplat64.dll
- Size
  
  12.4MB
- MD5
  
  5dc0ed87146dacc6f84005f6667a977a
- SHA1
  
  397fd547749314eca0780275e8c695067256d82d
- SHA256
  
  5b0c0b5fab4030da17e80d45dddaacda910e443d3a270882196968b9309bfaaf
- SHA512
  
  f3df02654ebee17d9b7c1346d6a4a69d8a5fb025731e27ac7cab4929e4ec87818d6ed446ad95a959000013730d65523ff24036af23847ab0646883883b7df786
- SSDEEP
  
  98304:ppnzRymHDY4HFSnarEN1w7Kx7GdvrqexhNZZ0MG1qB1H7F2hjGXCcdWSxwxQ2jh:pNFD84H+NqelOBBZZsItR2hjGXPdcxF
Score

10^/10

vipkeylogger collection discovery keylogger stealer spyware
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  RFQ.00.014 -Samples.exe
- Size
  
  255KB
- MD5
  
  2a39ab7049226dec986fa602a26f5372
- SHA1
  
  f0baf3b4f1dbcc6dd21e6f1279c741c0051c03cc
- SHA256
  
  ad4cd780bd7accd7482dcf6222910aafee971c7ab870ebae0022d51b237fa5cb
- SHA512
  
  5190d06d07b72f8ebaf326b6c0fcd85963afe598be499afee11881905ded944b58829a6ddc85a94f75621e5936496e151a1d8b4b96d12d38148a1f256841dafa
- SSDEEP
  
  6144:WIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGj:hz7KmH9tp1
Score

10^/10

vipkeylogger collection discovery keylogger stealer persistence
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  vcruntime140.dll
- Size
  
  84KB
- MD5
  
  3e746699828f9e9aab45b8f1c3cea4a1
- SHA1
  
  5ba84f26e47670c865e21e3303a28e54608475d3
- SHA256
  
  de6ca787d0e0a30810fea570db867199d32ed71867e1c36a0f58ed71d540f035
- SHA512
  
  ecc2c06a96661f063bbce91c5a7239e24aae3a5924ebb8773cef3d9e1d332959612bd052991ace98700d25912266ee39ee93ab623befd20f548d62f451426218
- SSDEEP
  
  1536:ca0fOoqCbITyAAAmYIihE7Ka8maPKMOB0Fc2/ecbQ7qdWdi/phl:cnTbuyAzhphgLcBOGFxecbQ7qSi/t
Score

1^/10
behavioral5 behavioral6
- Target
  
  vcruntime140_1.dll
- Size
  
  35KB
- MD5
  
  f124d735ebff3330b5b6cfa7df1c17be
- SHA1
  
  ad9cba122a47a4be8c3ec3ac6ce2d920f7e40baa
- SHA256
  
  d34288fcb286d4e2056f969767a65f09cf6e71ad27fe3af4edd1584cd95fd55f
- SHA512
  
  e5f1fd40b28861f3f7e5851e47b60a3035216129e0491f112e8ebc4dacd4c890a06caead8aa7d4ae7b64bd2b0c08e1ba17bad924534fcedec406895ca8af8c09
- SSDEEP
  
  384:lbPvL6j8qS3RZ0IQ8tq7+B5Wjfy4hGCrNWrSVbWENXfGj5y85xIam4WrNNW7QHRV:BvGj8qSBoEiy4hvCsjNveIamvW8JuW
Score

1^/10
behavioral7 behavioral8