vipkeylogger | 543163173389fa5183ad4c143969992f502df2531ce06a6fc6077db676207e16 | Triage

Submit
Reports

Overview

overview

Static

static

3

SC INSTRUC...CE.exe

windows10-2004-x64

Sharing

General

Target

SC INSTRUCTION INVOICE.tar.001.tar
Size

1.0MB
Sample

250414-hcexjs1jv5
MD5

f6ae3566c8e3ef5f9803134b60b55ab6
SHA1

dd14571b2906b1f4097239ae6593aafc05a8160d
SHA256

543163173389fa5183ad4c143969992f502df2531ce06a6fc6077db676207e16
SHA512

296550638581cf15ff8f658d38f884072e4ad06d5694f4ed0bb047bb7fa9a7af3601526262c125d64daf7817636f13a4fb3b00569e5e3f5601ec5f9e43c081a7
SSDEEP

24576:7Bx339q99MY+LJ0qp36bhTcfhfGiOm8eVZOzCaGsmtBT:Vh499MYmJ0OUhw8Re2mNDT

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SC INSTRUCTION INVOICE.exe

Resource

win10v2004-20250313-en

vipkeylogger collection discovery keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
25
Username:
[email protected]
Password:
moneyismade22
Email To:
[email protected]

Targets

- Target
  
  SC INSTRUCTION INVOICE.exe
- Size
  
  1.0MB
- MD5
  
  b45df79655f1d3f12ee75d440f5b0202
- SHA1
  
  2a9433415f33855946993f2269567dc8a77079d6
- SHA256
  
  664816d292abbaafa018c7ef1991f256b5c9e14d2337259f722838fe534c6a52
- SHA512
  
  248d9837a100d4cd39032a0d8d6122d303762bba1d09b2568a4b89dde17007dbae8848d7b93552a1dd0d5d2c9fc7e3079662a8cfee7ed192fd8fd7a2705067a8
- SSDEEP
  
  24576:5Bx339q99MY+LJ0qp36bhTcfhfGiOm8eVZOzCaGsmtBT:3h499MYmJ0OUhw8Re2mNDT
Score

10^/10

vipkeylogger collection discovery keylogger stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerstealer

© 2018-2025

Terms | Privacy