Extracted

Extracted

• • Target

    72292a987383f0079a0a846bae4ee6345f008f991a50f5f6d7fed2cad91339ad.exe

  • Size

    1.5MB

  • MD5

    e9698d7f3a85335c8610cde2fecc54e8

  • SHA1

    fbc277222d6971e42acaf87975b7b565b9b63a9e

  • SHA256

    72292a987383f0079a0a846bae4ee6345f008f991a50f5f6d7fed2cad91339ad

  • SHA512

    d71038e7356636efa5b3691ea66e6f74cf5749720bb0a7a009f4487dada8a9e679865ab2e263de2cf91e0af6a006d3af904a1bbb958715ec00cde98c2c48335d

  • SSDEEP

    24576:K5xolYQY6afmMv6Ckr7Mny5QLvmVib5B6lhswkKa59PK01LnRiaZ:dY53v+7/5QLvmG6lh8KmrLf

  Score

  10^/10

  vipkeyloggercollectiondiscoveryevasionkeyloggerpersistencestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2