vipkeylogger | e07480e04b4921f651775f66d1e6ebba830126d088486c0c1a7622a575ffa957 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

DR7i2oPQmFBvGac.exe

windows7-x64

DR7i2oPQmFBvGac.exe

windows10-2004-x64

Sharing

General

Target

e07480e04b4921f651775f66d1e6ebba830126d088486c0c1a7622a575ffa957
Size

676KB
Sample

250325-k6ak2axmx5
MD5

c18eda0612f3307bc94cb73f4b4216a9
SHA1

0fb4ba35a6cee5d01691f2b891ac7e1ce4bd5ec0
SHA256

e07480e04b4921f651775f66d1e6ebba830126d088486c0c1a7622a575ffa957
SHA512

54f9a444ea04b275a4f81a46fac863fa9c2d5d2b4e589fc28e00cf0f0e2dc0dd9bfd52bceed4969d7a8d40d75639ef071b0f56a6c12ad08bfcfd9b79733bc466
SSDEEP

12288:Ez5RtD9EpjNziM0YSl+NiyxsE+xiZNtKCwCaYIZai1wOeMrOfe9ea/xREJc+G:Ednx6jNprSl+Nrx+xWKCwDYKQe9z/7Ew

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DR7i2oPQmFBvGac.exe

Resource

win7-20240903-en

vipkeylogger collection discovery execution keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

DR7i2oPQmFBvGac.exe

Resource

win10v2004-20250314-en

vipkeylogger collection discovery execution keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7688589725:AAEXfrzDHwZLObnhvGxbNuF0otXr2qYoXHQ/sendMessage?chat_id=2015352628

Targets

- Target
  
  DR7i2oPQmFBvGac.exe
- Size
  
  748KB
- MD5
  
  3223bb41094d367ff28de649d3846ded
- SHA1
  
  ec95c74b4df8e975633d3906255c9c067ea529b2
- SHA256
  
  90ce5b85703d579348045ee2ca8267c064911fc1243878a67144cc5970305b15
- SHA512
  
  889a439dfbe2cb95a235bd5e359b75832ba4ba65d492f3cfc66bc99d2c44ed9404b98f4f959aa458c130dbf912cb9f633f3ab16860bf3f867675dc0f1ef12e67
- SSDEEP
  
  12288:KdQVYyOn6nzx+1+AKamu15bsu2+rCj0ZzZcC4CaYuZaidwOCMGEDe3HwHGh:HY9n6nseMAR+mycC4DYPEDe3Hc
Score

10^/10

vipkeylogger collection discovery execution keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy