Extracted

Extracted

• • Target

    rNEWPURCHASEORDER094637.exe

  • Size

    1.2MB

  • MD5

    0154fe9c5f4ad81beeedcf4fdb397ed4

  • SHA1

    939c3757ae0f62cda2ef34935d34f3ac70bba776

  • SHA256

    f8c3f6b1795091d7211dc5b0d508c9ffa115e6fbbab18b4ee9545b2124e211e5

  • SHA512

    957e65880d3979dd952f6989d460071ab6dbfcb6aaa036a6249153db7ff35c72ef51056e63bd9721697f5f8b528f1876d2a7f67b0b36646778a16d0d6246c5e5

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCrUHNXxWZW6+xBAio0WjijTbwPGS:7JZoQrbTFZY1iaCrSxXzPWjijT0OS

  Score

  10^/10

  vipkeyloggercollectioncredential_accessdiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2