Extracted

• • Target

    fb1087f5ae803f42c462f64d69e98d93fde21279c9f0be092c38c91caa20825f.exe

  • Size

    733KB

  • MD5

    4f2f75603b3e569aa58e271df79065a0

  • SHA1

    72c2abd8b2fedb3a63ec239bf34d6ed722dbd8b3

  • SHA256

    fb1087f5ae803f42c462f64d69e98d93fde21279c9f0be092c38c91caa20825f

  • SHA512

    e32b9b4c75fb120c7111aa362e5d89e53ddfe2a0e427b9c7dc6afd1a9ef05274cceb73dfe668828a7aad071935fbb7b32a45709be6bec79a61f3275e5884764c

  • SSDEEP

    12288:MDkhMOoltiJleHU6o8lRK4Eh3tkZPejDMSurQrks8ZtaENCA6RbBUwuOB:MDkh5oDiJle0D3tkwjAXBs8Z0SGRaw

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2