Extracted

• • Target

    2024-10-31_8d62e700b688c2cd65741c96363fe1e8_avoslocker_hijackloader

  • Size

    6.9MB

  • MD5

    8d62e700b688c2cd65741c96363fe1e8

  • SHA1

    a2051f1f358c874a603ff25f0fad8f62c08b4595

  • SHA256

    a899e62a8c7ba50eee558ea74ab735499ba057304714ec26d02dcc14adfb3148

  • SHA512

    675a2fbd71ec7203b33fb454cf9b347db8f2adced9de2b4a932013f39f3062674b8d2ec739aa1587f2f457e07085588a776ad9a9880d5d77d3387460ca1e58da

  • SSDEEP

    98304:XF0lfx2WMXhJcemnWqF0lfx2WMXhJcemnW9F0lfx2WMXhJcemnWcOU/jIEeQfoRS:S9x7ZeiI9x7ZeiD9x7ZeiLFIF0wu

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerpersistencespywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2