General

  • Target

    442e91cc6ce49f245c3580c3b1b073466c83ea954239c0440ea5704796356928.exe

  • Size

    1012KB

  • Sample

    240821-l77slasepf

  • MD5

    55814557bfc6685e517304c4ea52a5c2

  • SHA1

    8a57b789c2a67b2f371b9b30bccf4545f60f6e23

  • SHA256

    442e91cc6ce49f245c3580c3b1b073466c83ea954239c0440ea5704796356928

  • SHA512

    80fc102f21aaf304fdb33e3eb3e4318541f3e70c14b8a95a2455284d0f294522ad888178556d785cf2e28a622a11c1921add64087a309b8a6dc551bde505b1cd

  • SSDEEP

    12288:RKWutRvP9f55k285170PlvGpv4B5UemwOKCNyx5ZMDooZp6nHB3Ld6ettCFoEc9W:RK7RHX5xiKvGdgWZ2sZEx6eckhS

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      442e91cc6ce49f245c3580c3b1b073466c83ea954239c0440ea5704796356928.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and information stealer written in C#. It resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      PowerShell was run to modify Windows Defender settings by adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Reads the country code configured in the registry, likely for geofencing (running only in, or avoiding, particular regions).

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to discover the infected system's external IP address.

    • Suspicious use of SetThreadContext
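The signatures above are one-line behaviour labels. The following added example (not tria.ge's code and not the sample's) shows how a detection engineer would turn each of them into a check over sandbox-style events: Defender exclusion cmdlets on a PowerShell command line, registry reads of locale and Outlook profile keys, reads of browser credential stores, HTTP requests to external-IP services, and cross-process SetThreadContext calls. The event shape, the registry key fragments, the IP-lookup host list and the ATT&CK technique mapping are all assumptions of this example, and the events are constructed, not taken from the report.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed sandbox events in a simplified shape (type plus a few fields).
# This is not tria.ge's event format; it only carries what the checks need.
SAMPLE_EVENTS: List[Event] = [
    {"type": "process", "image": "powershell.exe",
     "cmdline": 'powershell.exe -Command Add-MpPreference -ExclusionPath "C:\\Users\\Public" '
                '-ExclusionExtension "exe" -ExclusionProcess "svchost.exe"'},
    {"type": "regread", "key": r"HKEY_CURRENT_USER\Control Panel\International", "value": "sCountry"},
    {"type": "regread", "key": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles", "value": ""},
    {"type": "fileread", "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "http", "host": "api.ipify.org", "path": "/"},
    {"type": "api", "name": "SetThreadContext", "pid": "1234", "target_pid": "4120"},
    {"type": "http", "host": "www.microsoft.com", "path": "/"},  # benign noise, must not fire
    {"type": "api", "name": "SetThreadContext", "pid": "5678", "target_pid": "5678"},  # same process, ignored
]

# Defender exclusion cmdlets with the three exclusion parameters the report lists.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b", re.IGNORECASE)
# Registry locations carrying the configured country/locale (assumed set for this example).
LOCATION_KEYS = (r"control panel\international", r"control\nls\language")
# Outlook profile roots: Office 15/16 and the legacy Windows Messaging Subsystem location.
OUTLOOK_KEYS = (r"\outlook\profiles", r"windows messaging subsystem\profiles")
# Browser credential store file names: Chromium "Login Data", Firefox logins.json and key4.db.
BROWSER_STORES = ("login data", "logins.json", "key4.db")
# Legitimate external-IP services commonly abused by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


def classify(events: List[Event]) -> List[Tuple[str, str]]:
    """Map sandbox events to (report signature name, ATT&CK technique id).

    The technique mapping is this example's own; the report lists no ids.
    """
    hits: Dict[str, str] = {}
    for ev in events:
        kind = ev.get("type")
        if kind == "process" and DEFENDER_EXCLUSION.search(ev.get("cmdline", "")):
            # T1059.001 for the interpreter; the exclusion itself is T1562.001 (Impair Defenses).
            hits["Command and Scripting Interpreter: PowerShell"] = "T1059.001"
        elif kind == "regread":
            key = ev.get("key", "").lower()
            if any(k in key for k in LOCATION_KEYS):
                hits["Checks computer location settings"] = "T1614.001"
            if any(k in key for k in OUTLOOK_KEYS):
                hits["Accesses Microsoft Outlook profiles"] = "T1114.001"
        elif kind == "fileread" and ev.get("path", "").lower().endswith(BROWSER_STORES):
            hits["Credentials from Password Stores: Credentials from Web Browsers"] = "T1555.003"
        elif kind == "http" and ev.get("host", "").lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"] = "T1016"
        elif (kind == "api" and ev.get("name") == "SetThreadContext"
              and ev.get("pid") != ev.get("target_pid")):
            # Cross-process SetThreadContext is the hollowing/injection indicator; on its own
            # it is only suspicious, which is why the report hedges with "suspicious use".
            hits["Suspicious use of SetThreadContext"] = "T1055.012"
    return sorted(hits.items())


if __name__ == "__main__":
    for name, technique in classify(SAMPLE_EVENTS):
        print(f"{technique:<10} {name}")
```

Each rule keys on a single event, which matches how sandbox signatures are usually written; the same-process SetThreadContext case is excluded because the API is also used legitimately by debuggers and by a process on its own threads. The benign HTTP event produces no hit, which is the check to keep when extending the host list.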

MITRE ATT&CK Enterprise v15

Tasks