vipkeylogger

General

Target

OVERDUE ACCOUNT LETTER- FINAL REMINDER.tar.001.tar
Size

1.3MB
Sample

250328-qlgrhawwg1
MD5

e106ea4d0e58b4e2c267944a21854159
SHA1

0c6a2b0ac64e89826677fa11ee1979f9737796b1
SHA256

04fcf11a4631e03147fa87cbb65cfe3af66f95589e82c06f8916198d2d527c8a
SHA512

35a6af0f7859b049e642074896e71611fd9f34c4031747a3eca85fa94fdc9dc96385f0743e2d2f43aa96a330c1890f36e8c6dfad8487bb4e4cab0921036adbc1
SSDEEP

24576:khqp1stafsnr3f++K4cGEjrmNwUS08gVKyvFMBAJxE6En8M9PRuR350f:kh5tafsnK+KnywUzXVKymBAJFERDY50f

Score

10^/10

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
25
Username:
[email protected]
Password:
moneyismade22
Email To:
[email protected]

Targets

- Target
  
  OVERDUE ACCOUNT LETTER- FINAL REMINDER.exe
- Size
  
  1.3MB
- MD5
  
  797ab1856f090d159c3d6da48d58b0d7
- SHA1
  
  e0d11ad533fed6384c6a2389e3e43ad9388143a2
- SHA256
  
  2f7ca421f4ebe3a8777b8d8567231fcfc7164aa552a563674aab2bb92c0604c1
- SHA512
  
  ca496026dd5bbf65dd103fe7573bec7e0c368d2dfd4196902babfdfc5d4d44120680e47d8e4cc85a1e12cbd009cf09b04832d3e71ac1bb671465c762ae37d38c
- SSDEEP
  
  24576:vhqp1stafsnr3f++K4cGEjrmNwUS08gVKyvFMBAJxE6En8M9PRuR350f:vh5tafsnK+KnywUzXVKymBAJFERDY50f
Score

10^/10

discovery vipkeylogger collection keylogger stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

1

T1217

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Vipkeylogger family

Drops startup file

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2