vipkeylogger

General

Target

7d4e12ec5ad91bdfe0fdbaf6c286784ed4ac6cf2531b85f5b99926615cea6ce8
Size

584KB
Sample

250228-k4x9baxrw6
MD5

dfb8ab85accdf8fdc70171725a144e99
SHA1

3f0327c928f45475e5ef5170713a41d81e614d79
SHA256

7d4e12ec5ad91bdfe0fdbaf6c286784ed4ac6cf2531b85f5b99926615cea6ce8
SHA512

c6c669dd483f4c206275b1901744546d426a717849d0c89fd554ae3b3ec06cafdc0b02a355e53b8e655808073d99d18713351bdb07715709c24f9b48d29514af
SSDEEP

12288:Nd2rO72HKicPNmZH5DCAqhRyENFcf0s7j1l9sQRgjxEnQe:mrOwKXPUwAcNFts7j1l9sQGj8Qe

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
KNB01_Lucia_$
Email To:
[email protected]

C2

https://api.telegram.org/bot7855907741:AAE8geAKHsbOjUTKKIp5xQcpPo7PZ41e12I/sendMessage?chat_id=5039346757

Extracted

Credentials

Protocol: smtp
Host:
smtp.ionos.es
Port:
587
Username:
[email protected]
Password:
KNB01_Lucia_$

Targets

- Target
  
  2333332.exe
- Size
  
  1001KB
- MD5
  
  a9a687a0b0c64d764b9d9b9fa04be4e6
- SHA1
  
  096d1333a77e3568e72a58d59fc871ecd210180e
- SHA256
  
  a7426637b0a45ccb7d4515833403b9b06f5bcbf1ef96b0ba177b6d7b5ede212c
- SHA512
  
  74940df631760f72eeef6fde0b5036eef8b252b76f7606e5c10f16b7357e48da4e468004a9d76f5cf9b3b5d3ad350ffacf6b5dfce663e80f70795e88197af4b2
- SSDEEP
  
  24576:Ru6J33O0c+JY5UZ+XC0kGso6FaCL1X9sOIjVnWY:Du0c++OCvkGs9FaCvfdY
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vipkeylogger family

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2