Extracted

• • Target

    TBHD_779320023221.exe

  • Size

    981KB

  • MD5

    462a9165371be9c5f86b76adbc068d37

  • SHA1

    ff92bce9d712585aea9d85be80c3142a23353613

  • SHA256

    20b22e21664030bcbea413d2c054f99f62956cf9feedc6148fe34870ce124f79

  • SHA512

    c4008ca783ff00c5416167731944c5b5dcdeb7eefd114b6c2ad450b60e49a01cda62eab377c5e7cf084382c5b7738c7756a3a4875c7de732ff2d8a91bc62a601

  • SSDEEP

    12288:NiweayfGZVFFaAmpa/JQYemIy0R5C83ju8IhEZEusORzu+2p4EeP1R6FUkR:YweaMGj+Vzy0PC837IYHsU1Ma6FT

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2