vipkeylogger | 5940ea89be33110c787f4be5d2c445c8bd022852a2fcaa6913fffb5805bafd90 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

0138369002_pdf.exe

windows7-x64

0138369002_pdf.exe

windows10-2004-x64

Sharing

General

Target

0138369002_pdf.exe
Size

1.0MB
Sample

250328-kefmzatwgz
MD5

2ebdfaabdb14007d5fd0256256819bec
SHA1

dff9d44238fa5fa972be4f103ab4a49aab1018a8
SHA256

5940ea89be33110c787f4be5d2c445c8bd022852a2fcaa6913fffb5805bafd90
SHA512

0950725714ec9704f41c50fb7fdc91705ef2230cb887d38edcb944049a217b91c4276d77bfe193b5cd1c7bc46e3f81f5600bab53502f1329af19e9d1f90b459d
SSDEEP

24576:Wu6J33O0c+JY5UZ+XC0kGso6FaO3xnfG5lz1WY:4u0c++OCvkGs9Fa2xfG5OY

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0138369002_pdf.exe

Resource

win7-20240903-en

vipkeylogger collection discovery keylogger stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

0138369002_pdf.exe

Resource

win10v2004-20250314-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7851180322:AAElCRrJUChM2Vl3xRuSuIoNVOcq2KJ7_ZQ/sendMessage?chat_id=6443108993

Targets

- Target
  
  0138369002_pdf.exe
- Size
  
  1.0MB
- MD5
  
  2ebdfaabdb14007d5fd0256256819bec
- SHA1
  
  dff9d44238fa5fa972be4f103ab4a49aab1018a8
- SHA256
  
  5940ea89be33110c787f4be5d2c445c8bd022852a2fcaa6913fffb5805bafd90
- SHA512
  
  0950725714ec9704f41c50fb7fdc91705ef2230cb887d38edcb944049a217b91c4276d77bfe193b5cd1c7bc46e3f81f5600bab53502f1329af19e9d1f90b459d
- SSDEEP
  
  24576:Wu6J33O0c+JY5UZ+XC0kGso6FaO3xnfG5lz1WY:4u0c++OCvkGs9Fa2xfG5OY
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

behavioral2

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy