MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VIPKeylogger


Vendor detections: 18


Intelligence 18 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
SHA3-384 hash: f7f834c6875c915e46d802831831f9aae9d0de3d4e5f74d51cb37437dd1fe1a133eff17c1d911847c57c594ed5cc9020
SHA1 hash: 0198009573c3dc771b5c3e88f4f080ac84bd90b0
MD5 hash: 834afd86ad4bab0887ff4fb3d1adfebf
humanhash: grey-carolina-pip-eleven
File name:SecuriteInfo.com.Win32.MalwareX-gen.62883179
Download: download sample
Signature VIPKeylogger
Create hunting rule
File size:1'115'648 bytes
First seen:2025-09-04 15:23:50 UTC
Last seen:2025-09-04 16:17:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:l9fud2UA/x06GPuVGmwiJYIA+qa5KXyzdWS8pQKN3gy2vNqKvaqojL4efeTv:u0/xqYGm1lA8TupQo3wiq
Threatray 3'289 similar samples on MalwareBazaar
TLSH T10335AFA3F44CA291D4E88FB3E207F2B706371DBAD5125113A2D1BE573AB9C234672527
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe VIPKeylogger

Intelligence

File Origin
# of uploads :
2
# of downloads :
71
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://213.209.150.18/CFbqJqk3bT4zNOq.exe
Verdict:
Malicious activity
Analysis date:
2025-09-04 10:47:40 UTC
Tags:
evasion snake keylogger telegram netreactor stealer
Link:
https://app.any.run/tasks/a2805622-59c4-44a8-829d-5f1eddd333cf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/25087/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.62883179.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b9af2c3e988eb6ab83af8a
Tags:
spawn shell micro
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a process with a hidden window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Сreating synchronization primitives
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Stealing user critical data
Adding an exclusion to Microsoft Defender
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bitmap lolbin msbuild obfuscated packed packed reconnaissance regsvcs rezer0 roboski schtasks stego telegram vbc
Link:
https://www.filescan.io/uploads/68b9af2a564e61a821551aa4/reports/c677650d-eb97-468c-90d4-7c39ea7d5ee4/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-04T12:50:00Z UTC
Last seen:
2025-09-04T12:50:00Z UTC
Hits:
~100
Detections:
VHO:Trojan-PSW.Win32.Stealer.gen Trojan-PSW.SnakeLogger.HTTP.C&C HEUR:Trojan-PSW.MSIL.Agensla.gen Trojan-PSW.Win32.Stelega.sb Trojan-PSW.Win32.Stealer.sb HEUR:Trojan-Spy.MSIL.Agent.sb PDM:Trojan.Win32.Generic Trojan.MSIL.Taskun.sb Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb
Link:
https://opentip.kaspersky.com/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337/results?tab=lookup
Malware family:
Snake Keylogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f402fc29-5189-4691-8e4d-68b847681efa
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.38 Win 32 Exe x86
Link:
https://app.malva.re/file/834afd86ad4bab0887ff4fb3d1adfebf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337/
Verdict:
Malicious
Threat:
Family.SNAKE
Link:
https://tip.neiki.dev/file/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2025-09-04 15:24:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
25
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pd4li3p52vpxsfhhr6jfdciyb5tusrjsp3r7vemh4lk55bvrkm3q._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
vipkeylogger
Create hunting rule
Similar samples:
03ffd9138d53cd6d65d05e242d9775a3b51201a0d556d208a69509e7be0455b7
VIPKeylogger
3fbfa1b663262c6680de89a01bc35815b31a8520c155794091f48a726a6305ec
VIPKeylogger
78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
VIPKeylogger
82d522f59433a213747eee3225ea33d1c1f2976a3a4a3412fe92e436f734c2f2
VIPKeylogger
c5e4aa78af496b5eba31db0d046a0d9165174d60b28dd6acec669628a2c9bf30
VIPKeylogger
error
VIPKeylogger
+ 3'279 additional samples on MalwareBazaar
Result
Malware family:
vipkeylogger
Create hunting rule
Score:
  10/10
Tags:
family:vipkeylogger collection discovery execution keylogger spyware stealer
Link:
https://tria.ge/reports/250904-ss86fatmx8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
VIPKeylogger
Vipkeylogger family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a28bf013-c047-4806-9c8e-912e568bfef9
Unpacked files
SH256 hash:
78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
MD5 hash:
834afd86ad4bab0887ff4fb3d1adfebf
SHA1 hash:
0198009573c3dc771b5c3e88f4f080ac84bd90b0
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
4901b6e28a7a8b1b0a764a729474341e124dfd78ac7dd97ec1d48fe4fd045cfc
MD5 hash:
b614c7cbfccf4bb6b2e9fe8e3ecf4a9c
SHA1 hash:
1a9f6a26cfbdbe2f78a6f8246516f9c867fbd6c4
Detections:
win_404keylogger_g1
Create hunting rule
win_masslogger_w0
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
cea0911a3affd00198933fe11056e9c25c90840268b5134c636af0cf701130b2
MD5 hash:
d051601eb65e0418b3cbef5a7d52db7c
SHA1 hash:
c00014fa3b754e02b5b48b6340a60e8b2cd563d0
Detections:
win_404keylogger_g1
Create hunting rule
win_masslogger_w0
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
d3d022384f42fadf14ad30d5477a2c691307249692a7798dfe0905c504dbfaea
MD5 hash:
4dd964d07a0207bda4b0ac0b432b4fc4
SHA1 hash:
2731120638b3c0ef4e1dcbd8e043def87303ac4c
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
9eecbe1195bb9e9d7d5eb7a9e69b7658768d3484336f519ae36566c26b1a05e3
MD5 hash:
5346bfccdbaddfa37d2bb5b0e62883c2
SHA1 hash:
45a9c15b8b5fe4830545f8fe3f7c6cfd6f8422f6
Detections:
win_404keylogger_g1
Create hunting rule
win_masslogger_w0
Create hunting rule
MAL_Envrial_Jan18_1
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
Parent samples :
19dac0de92478f91420db6588d40ec9a5115b4a8777cf7ba9dd4ae35059a706d
82d522f59433a213747eee3225ea33d1c1f2976a3a4a3412fe92e436f734c2f2
8442cf5d1f7e4b3922a849215c150c290bda0cc3679e25223b68f95375307386
10330919ad1b637e4c6ee42fb24e5cbf581c7a51bb879391b68be0cadcf0fa35
0973bc15da79ab1527648f46d39016824140c56a2b4204eac047bdeb10bb7960
78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
bf9317a764ca6548a8f1c084b357da6969b6c4d4994abb704155a4a1e9ccc401
SH256 hash:
e50b0550616c4ea9dc2d18d75084f50e6e7da2ccaa2c77a439026957105aad8f
MD5 hash:
540148a4209d7e2b88d0e24b919c2834
SHA1 hash:
5a2042f9c9946e57d02d0d4e9a1ba2c5b1246a1e
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
Parent samples :
881aac6c0395e173fe15acd1baf9caf443e73e166176b5040ccdb7e34750ed58
e14543458bbd96f242cc1dbeb9e3ff8c62c592fbe954b6da75fbf7f05aa41a0f
93bba3622d1594eb97ea253dbee9a1d5c495871b73410bccd6c41d7969d3b8a2
a89d88037e6e7321b7da02290aab0139ddf7be1b697388dcc28fba708304682f
e2f435485baa82011fb87477cf73d40c87b87a3579b11ea8d3cb22883ad33682
67b1c7d222568af1d3fe24c18125eac63dad102e029fae7427b7b9a526f63699
2e3c410728b3564bd615f8e6c64a7fc82fd5385542d02d7134d07bcbbc3f9f09
8ece82ad36ddad1e13a955098ea9629364950ed21a1155d7be4921208e62eb0c
26a2714342c817548962d1a9cf5ebb1aacb811c3060fea1269c8280047b8eddf
78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337
a8dabe249da520a24de691d48bf2549dda65bbb3e62cecd148b1ff0080533cac
0cb006d7434c2ffa1b04e4f20a90688e8eb36e82cea2db1641744e235995439b
fcdc9e821a1bd97c87b1c9b9fed76a070f3ff81a0ee0838f49a915336851a029
6b76abca8f35fff263c12beaaf521405a1d3743abde3bc20d8415272b2c5a140
2f76a21937582bd59783cab01437d029a6ccd52635e2a3f424831ad7e444e640
392ec2e0db217dc665b13c2e73b00d0ca2dc3b7f8a47eedf9a715d613e57a464
acfd0a48223c3e021532b6f7cfb12e81ebf2903bd706b9a5d45fb1a020dd7902
9357bf9a67240b9df693123dfcefe78bd468a313243e9ab7769c60eae161f1ad
c3bce19ca32fe499888cec1530bef701ba3d11d7fba776945a2e1245cb162a38
8e7c61db1d4aae49ddbd1ab8586fe752edbd01f30d5214e6e6bc074a3ec05588
a6fc6ac52bb2eb9fbe527ec26f3f21b8a3775660883ccd55976a250910dcee2e
227d7f535bcb6ce158d63d9436429547e9a065b289cf8b0caf8993ddd549190d
SH256 hash:
b386ba932acbb1d4edd79971d0497471bd152b9c2be30e6c178dcbfb0a1ee186
MD5 hash:
cd8961dc4a24bf1bed64a1ef1eb832c1
SHA1 hash:
5de8c4b3180c1dca3bea5cae05f8ae7d6ae17422
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
6c51c92dc091ca8d20a85e9756ea9fed49473fddea3585b08e51956574d283b5
MD5 hash:
1366dcef66fc4b4a3c9b1c0e22e94866
SHA1 hash:
eb9de19efb06ea6c1b9d728f2f26734d9c687166
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
SH256 hash:
38049405468c0f7a42f3164ccb17260cdeb7cb2a6c4a17720bd91667dad90070
MD5 hash:
d64ee946f3140a2cbc1c87662578f501
SHA1 hash:
ef0dc70fb3cef76b6d98591485f1aab32d0777c1
Link:
https://www.unpac.me/results/13bb596e-0203-402e-9539-61bfbd5540f3/
Malware family:
SnakeKeylogger
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/78f8b46dfdd5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

VIPKeylogger

Executable exe 78f8b46dfdd55f7914e78f925189180f674945327ee3fa9187e2d5de86b15337

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3617284/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/25087/

Comments