General

  • Target

    PAYMENT INFO.exe

  • Size

    774KB

  • Sample

    240822-m3dvdswdjp

  • MD5

    6dccb1dd8e7b7fe9d9f138caaea7f420

  • SHA1

    038fec3f89b09fad5e74dc978b00635f39da3bd0

  • SHA256

    36072f64891875212e9f45cc11d64d1bfdbe9a8caa55cdb1f488d7ac1c232074

  • SHA512

    01e81b6609ebacf1234ec22206c03b67dd7e0e318ab27f6dbb84bdf0ccf6514e45563145fc6b893e041af42dcc167e9caaf388d34d5a5ded7f6cb7062db173b3

  • SSDEEP

    12288:dVf55k2851Elq/61UJp2Xen07Ow4BuYwOcFB7YTcYeQ8dRrrllE3Oix4r:J5x5lUJgXk07x4tiUcBFHrFEi

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7470097193:AAH7g9zj8FQx12YOFkn9mZO_1-BTN4b6gKo/sendMessage?chat_id=6155920142

Targets

    • Target

      PAYMENT INFO.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks