General

  • Target

    2024-10-29_b38044c85c61344e55c645da14c2c5e9_avoslocker_hijackloader

  • Size

    3.8MB

  • Sample

    241030-ap6xss1pd1

  • MD5

    b38044c85c61344e55c645da14c2c5e9

  • SHA1

    3c7234f791f2da542d318965f6868b909a4b6c3e

  • SHA256

    20592cd3af7ef4fc50bf5df5ad426ff7ee6094239422ae1eec91467927e7170a

  • SHA512

    ae2a94a1b3be245e9226d39b81301dbc17e82815547343ac7c222f1d2e89038efb160a44699eb13abc41a53ef78b484bb31110a402457d22f931286ab5e927ad

  • SSDEEP

    98304:aF0lfx2WMXhJcemnWcOU/jIEeQfoR/IuOFVjUu5:v9x7ZeiLFIF0wu

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      2024-10-29_b38044c85c61344e55c645da14c2c5e9_avoslocker_hijackloader

    • Size

      3.8MB

    • MD5

      b38044c85c61344e55c645da14c2c5e9

    • SHA1

      3c7234f791f2da542d318965f6868b909a4b6c3e

    • SHA256

      20592cd3af7ef4fc50bf5df5ad426ff7ee6094239422ae1eec91467927e7170a

    • SHA512

      ae2a94a1b3be245e9226d39b81301dbc17e82815547343ac7c222f1d2e89038efb160a44699eb13abc41a53ef78b484bb31110a402457d22f931286ab5e927ad

    • SSDEEP

      98304:aF0lfx2WMXhJcemnWcOU/jIEeQfoR/IuOFVjUu5:v9x7ZeiLFIF0wu

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting the thread context of another process's thread is a common step in process hollowing and similar injection, where execution is redirected into code written into a suspended child process.
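The behaviours listed above map to simple rules over a sandbox API trace. The following is an added example, not the sandbox's own signature code and not from the page: a small Python script that runs four such rules (registry geo lookup, Run key persistence, external IP lookup, and the suspended-process / SetThreadContext sequence) over a constructed event log. The event format, the registry paths, the list of IP-lookup hostnames and the exact hollowing call order are assumptions made for the demo, not telemetry from this sample.

```python
"""Toy behavioural triage over a constructed sandbox API trace.

Added example; the event tuples below are constructed for the demo and the
registry paths / hostnames are assumptions, not observations from the sample.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Constructed events: (pid, api, args). A loader (pid 1000) reads the geo key,
# hollows a suspended child (pid 2000), and the child persists and looks up its IP.
EVENTS = [
    (1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    (1000, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe",  # assumed target
                              "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x1E000}),
    (1000, "SetThreadContext", {"target_pid": 2000}),
    (1000, "ResumeThread", {"target_pid": 2000}),
    (2000, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                              "value": "Updater", "data": r"C:\Users\user\AppData\Roaming\updater.exe"}),
    (2000, "InternetOpenUrlW", {"url": "http://checkip.dyndns.org/"}),
]

# Assumed list of legitimate "what is my IP" services commonly abused by stealers.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.I)


def detect_geofence(events):
    """Reads of HKCU\\Control Panel\\International\\Geo\\Nation (assumed geo check)."""
    return [f"pid {pid} read {a['key']}\\{a['value']}"
            for pid, api, a in events
            if api.startswith("RegQueryValue")
            and a.get("key", "").lower().endswith(r"international\geo")
            and a.get("value", "").lower() == "nation"]


def detect_run_key(events):
    """Writes under a CurrentVersion\\Run or RunOnce key."""
    return [f"pid {pid} set {a['key']}\\{a['value']} = {a['data']}"
            for pid, api, a in events
            if api.startswith("RegSetValue") and RUN_KEY_RE.search(a.get("key", ""))]


def detect_ip_lookup(events):
    """HTTP requests whose host is a known external-IP lookup service."""
    hits = []
    for pid, api, a in events:
        host = (urlparse(a["url"]).hostname or "").lower() if a.get("url") else ""
        if host in IP_LOOKUP_HOSTS:
            hits.append(f"pid {pid} queried {host}")
    return hits


def detect_hollowing(events):
    """Suspended child, then WriteProcessMemory -> SetThreadContext -> ResumeThread on it.

    Only children created with CREATE_SUSPENDED are tracked, so a SetThreadContext
    on an ordinary child (or on the caller's own threads) does not fire the rule.
    """
    steps = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]
    progress = defaultdict(int)  # child pid -> index of next expected step
    hits = []
    for pid, api, a in events:
        if api.startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            progress[a["child_pid"]] = 0
            continue
        tp = a.get("target_pid")
        if tp in progress and progress[tp] < len(steps) and api == steps[progress[tp]]:
            progress[tp] += 1
            if progress[tp] == len(steps):
                hits.append(f"pid {pid} hollowed suspended child {tp}")
    return hits


def run_rules(events=EVENTS):
    """Return only the rules that matched, keyed by the report's signature names."""
    results = {
        "Checks computer location settings": detect_geofence(events),
        "Suspicious use of SetThreadContext": detect_hollowing(events),
        "Adds Run key to start application": detect_run_key(events),
        "Looks up external IP address via web service": detect_ip_lookup(events),
    }
    return {name: hits for name, hits in results.items() if hits}


if __name__ == "__main__":
    for name, hits in run_rules().items():
        print(name)
        for h in hits:
            print("   ", h)
```

The hollowing rule deliberately keys on the suspended-child creation first: `SetThreadContext` alone is also used by debuggers and some legitimate runtimes, so the page's "suspicious use" wording is only justified when the call lands on a process the sample itself created suspended and wrote into.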

MITRE ATT&CK Enterprise v15

Tasks