vipkeylogger

General

Target

1f5d23c8bfb59b125b3d3db4022df3f12d1ef65e3ac6ec0bacff45a220d76e88
Size

587KB
Sample

250227-kzgqrstmw9
MD5

7079b7af7d5a43b44b76c0df00fe7229
SHA1

eb725e20000247a2537e2c8e863ab0def95680d8
SHA256

1f5d23c8bfb59b125b3d3db4022df3f12d1ef65e3ac6ec0bacff45a220d76e88
SHA512

7d03379675b82b3717df55ae85ffed306bd512f05de21abb4f784c9f619fcb3a222966408ee85e2d3abd1fcd737dc983ea6f416f939bac8b2d6c4b630a179969
SSDEEP

12288:F5wPtPYGb0w01uJGK061rN2Vgw6GGN6eaq2pJFyShBBokPsHwpaIi:PwlQk0i5rQiw8N3aquJFyodsQEIi

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Cash@com12345

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Cash@com12345
Email To:
[email protected]

Targets

- Target
  
  Thermo Fisher RFQ_TFS-1500.COM
- Size
  
  1.0MB
- MD5
  
  72801b25b4e0debf3de0b929033625a8
- SHA1
  
  c0d1f773c63fd8f5f755572b1a58580ceb3557c3
- SHA256
  
  bafbb21be006e0d958716146d386c278c1f812c0b347d0520418e83341034d61
- SHA512
  
  b491f0b348954fd1fb5b9cf188e826787686a700e9c97ce86284147d0fd820b5acbe221f66504f9397470de4fe6fd8724638d7869eced74b1a345ea8c7b14c16
- SSDEEP
  
  24576:du6J33O0c+JY5UZ+XC0kGso6FapXrX1FyoxsQt7WY:vu0c++OCvkGs9FapXr6oCQsY
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2