Extracted

• • Target

    RFQ-KTE-07102024.pdf.scr

  • Size

    28KB

  • MD5

    4aab71fbea4b35729e6a1de62c3e9c4d

  • SHA1

    2b4bc1a883fa32a13b095a6385ca54f2a61a1959

  • SHA256

    81902ac66a51c109471bf723cd373ab47a52c992855b9e2dd954090326cac420

  • SHA512

    1eadfc55728d115244ada96a7eb4de174afc34333bad63ec72d0e9f478f07c1c536e91319c1b9bcc7ea0e0a09d5130e21acf8ab5ba5b1fbd1f8441649bd2f660

  • SSDEEP

    384:UHcq28V683SxRkjkpvPDFBpzg3GBqphxAwRfsSlYoxEcn1k6+IGJl:UV3SxKjOHDZ83GBv2xr1k6+ISl

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerstealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2