Extracted

• • Target

    Lykkeskillingerne.exe

  • Size

    517KB

  • MD5

    a61d199b40c46ea1e0b9bb6f12165881

  • SHA1

    9ce4221b5c7d8a67ba54b0709d5bbcc893ceed02

  • SHA256

    c4f370cc453d04a84606b36451353fe65c56a5e758b2c138a23fc3741d7f4df9

  • SHA512

    11274f2ea8c4c181e4a0163a947e7d893697db2b0dcb7a280e3a0e37059bb4d02998c0d32b1cc84084fe8e7d9684cec21da708ccefe0628711053626a09beb85

  • SSDEEP

    12288:WZGcVEfEyolcupbbn6/tT9XfSJ37tdrQW:WZbSfEyolpb6FTM7dr9

  Score

  10^/10

  vipkeyloggerdiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2