vipkeylogger | 8255dd224efb3fe22a27d63138351150e9685cc78503db0c88065635740dec53 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

jxGidTkOad4suSF.exe

windows7-x64

jxGidTkOad4suSF.exe

windows10-2004-x64

Sharing

General

Target

8255dd224efb3fe22a27d63138351150e9685cc78503db0c88065635740dec53
Size

726KB
Sample

250325-tlqk7asl18
MD5

a6078ed5c9a1a9b835396f893b796889
SHA1

53072a41075528f6c0c3a309940835bed954247d
SHA256

8255dd224efb3fe22a27d63138351150e9685cc78503db0c88065635740dec53
SHA512

16673aa44a23c510e4eee684ac90d70e73dc7f1ac79f60e4b67ca730dafb01cac7ba0049f96f58272ff6a1b1c999454e3a8e69dc33493fc65b7ec961785ba9fa
SSDEEP

12288:nWvLrSI8dfRV9ma606hi4ny3oYFbO2KkhrwNmuNmxv3yfGuiK8F4Ez/0q4vInnXF:nWvLrR0fPb9RL021rmdNgfqi/Tak

Score

10^/10

vipkeylogger collection discovery execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

jxGidTkOad4suSF.exe

Resource

win7-20240903-en

vipkeylogger collection discovery execution keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

jxGidTkOad4suSF.exe

Resource

win10v2004-20250314-en

vipkeylogger collection discovery execution keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7688589725:AAEXfrzDHwZLObnhvGxbNuF0otXr2qYoXHQ/sendMessage?chat_id=2015352628

Targets

- Target
  
  jxGidTkOad4suSF.exe
- Size
  
  869KB
- MD5
  
  24fe4f00c34617dbda65dea7b69290fa
- SHA1
  
  652ca5827811da26020b27267574e93b4e3a0a1b
- SHA256
  
  2cabff0ab44ef8b5791f5ec5c5dc25f509a6ca502af94813cab8fcfcdc6abfa9
- SHA512
  
  e09ecb5ee06b5f61aa7dcbd1db757851224b8822c3765eff5f5066aa761a017376eb24688534935c8c9b33120a5332e8ecfeb225d52a96c178cec5116e195952
- SSDEEP
  
  12288:NMvDFVzJ+Wnqn++PtFmwH9PD3yy6EtS1YFbOWKkhrINsuNQxv3yfiuiKMF4Ezh0W:NMbHzMjowH9bZsq0W1rubNmfEid3Ho
Score

10^/10

vipkeylogger collection discovery execution keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy