vipkeylogger | c1ffadcdfc3ae9746644fbb9a88d3ccae11b9f6bb435f1dbaa3bfc64ea46b511 | Triage

Sharing

General

Target

14042025_1515_11042025_Approved quotation.rar
Size

656KB
Sample

250414-snclnszkw7
MD5

87b39aca5703c4b07473bc34753b6b5c
SHA1

bd403e593279221348bca5e495f6db6608cb0efe
SHA256

c1ffadcdfc3ae9746644fbb9a88d3ccae11b9f6bb435f1dbaa3bfc64ea46b511
SHA512

fb34cbcddf1139d139ed4d34eec0ab705a7b60f9dfd87cf0b357a6105449960b62a460e74910f43555b58062f3cf2ebe378418fdf12b6c3609b8cc65391a2390
SSDEEP

12288:LssxnDpbZagVCRwgRPIzeZ5gWTIq6TZJl8B/1Zb5vpxQV:LssxnJZBVQRPI61OZX8B97vTk

Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.cybertechllc.top
Port:
587
Username:
[email protected]
Password:
7213575aceACE@
Email To:
[email protected]

Targets

- Target
  
  Approved quotation.exe
- Size
  
  766KB
- MD5
  
  0dfeb14ed1876716ea25ba25d70cbcb9
- SHA1
  
  a1881912116f3041977673e3de829917ee6b4b8a
- SHA256
  
  b16d4be7b771fb3202c5e48a258c4eb45c88f465be8f84084a5a82fe755a5095
- SHA512
  
  c671623d67e32194da8d79772431326ea391fb41fff843df91fecfe4b91607dceadde993297ef2c7112b26197385a7a71b3864898cd4f0fab48266e869559d15
- SSDEEP
  
  12288:LiKV/9THVDvfqsFPN3oPKmBczqV9sPoxrbHca6QjkkWY4LyRApKGw60Vu5aatVoi:79fq86WuCoPjkY4LyGKZ1V4/VKvm3DZ
Score

10^/10

vipkeylogger collection discovery keylogger spyware stealer
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vipkeyloggercollectiondiscoverykeyloggerspywarestealer