General

  • Target

    RequestforQuotationMKFMHSRFQ241104.vbe

  • Size

    20KB

  • Sample

    241104-hvfxkawlht

  • MD5

    31d811df772fa5ae86e5c61318d70c22

  • SHA1

    7165e59afddb29ea81e7a76f51fce84ae474159c

  • SHA256

    ba89646f6eb6932bf276be6cf18c4016b77125d92b4b267803aa772343450a05

  • SHA512

    a84a08ba0490d17d79661bb22185cbf38fb23940761daa1160fc9a68cf545927155150c2d0da56c017908e4e05e1692d40d2bef90792493717ec81967656ff15

  • SSDEEP

    384:cRA+D/E36lIsIStz9287oSFYqc+lOq4ssHRymb7483wxEOjyFPfSg3lDWoIK:cRpD/4KI1Stz92EoSFYqc2Oq4sskmb7X

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      RequestforQuotationMKFMHSRFQ241104.vbe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
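The signature list above is the report's behavioural summary of the run. As an added example that is not part of the report, the following Python sketch turns four of those signatures into detection logic and runs it over constructed events in the shape a sandbox API/network trace would yield. The process set, IP-lookup hosts and registry paths are assumptions: the report does not say which process was blocklisted, which IP service was queried, or which keys were read; wscript.exe is assumed because the sample is a .vbe (encoded VBScript), which the Windows Script Host executes.

```python
"""Added example: detection logic for four of the sandbox signatures,
run over constructed events (not telemetry from the sample)."""
from __future__ import annotations

from dataclasses import dataclass

# Assumption: the report does not name the blocklisted process. A .vbe is
# executed by the Windows Script Host, so the script hosts are the natural set.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Assumption: the report does not say which IP-lookup service was queried;
# these are public services commonly seen in keylogger/infostealer traffic.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}

# Registry key behind "Checks computer location settings" (Geo\Nation value).
GEO_KEY_PREFIX = r"hkcu\control panel\international\geo"

# Key fragments behind "Accesses Microsoft Outlook profiles": Office 2013+
# stores profiles under <Office version>\Outlook\Profiles, older builds
# under the Windows Messaging Subsystem key.
OUTLOOK_PROFILE_FRAGMENTS = (r"\outlook\profiles", r"windows messaging subsystem\profiles")


@dataclass(frozen=True)
class Event:
    kind: str    # "network" (DNS/connection) or "registry" (key read/query)
    image: str   # full path of the acting process
    target: str  # hostname for network events, key path for registry events


def classify(event: Event) -> list[str]:
    """Return the signature names that a single event triggers."""
    proc = event.image.rsplit("\\", 1)[-1].lower()
    target = event.target.lower()
    sigs: list[str] = []
    if event.kind == "network":
        if proc in SCRIPT_HOSTS:
            sigs.append("Blocklisted process makes network request")
        if target in IP_LOOKUP_HOSTS:
            sigs.append("Looks up external IP address via web service")
    elif event.kind == "registry":
        if target.startswith(GEO_KEY_PREFIX):
            sigs.append("Checks computer location settings")
        if any(frag in target for frag in OUTLOOK_PROFILE_FRAGMENTS):
            sigs.append("Accesses Microsoft Outlook profiles")
    return sigs


def triage(events) -> dict[str, list[str]]:
    """Group triggering events by signature; the dict keys are the verdict."""
    hits: dict[str, list[str]] = {}
    for ev in events:
        for sig in classify(ev):
            hits.setdefault(sig, []).append(f"{ev.image} -> {ev.target}")
    return hits


# Constructed events in the shape of a sandbox API/network trace. Note that
# Sysmon records registry writes, not reads, so the Geo\Nation query would
# only be visible through API tracing or an EDR registry hook.
SAMPLE_EVENTS = [
    Event("registry", r"C:\Windows\System32\wscript.exe",
          r"HKCU\Control Panel\International\Geo\Nation"),
    Event("network", r"C:\Windows\System32\wscript.exe", "checkip.dyndns.org"),
    Event("registry", r"C:\Windows\System32\wscript.exe",
          r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    # Benign control: browser traffic to a vendor site should trigger nothing.
    Event("network", r"C:\Program Files\Mozilla Firefox\firefox.exe", "www.mozilla.org"),
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

The IP-lookup match is a weak signal on its own (plenty of legitimate software queries these services); it becomes interesting combined with the script-host condition, which is why both are evaluated per event and then grouped. The two anti-debugging signatures (NtCreateThreadEx and NtSetInformationThread with the HideFromDebugger flag) do not show up in network or registry telemetry at all and need an API trace or a user-mode hook to detect.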

MITRE ATT&CK Enterprise v15

Tasks