Extracted

• • Target

    Solicitação de cotação.bat

  • Size

    820KB

  • MD5

    9d69f27b49d325ccb989a8fa33bf0053

  • SHA1

    d0930220daced19a0000a3971e5f17a1192d1f1d

  • SHA256

    731523e50d68d20fb75e234c107ecbb8e39f2d7115cc1795e73eca399c548a84

  • SHA512

    f9c318f83cc16681b0c6e67acbff54881a6a8b623e6b5e069ad010d006d3d9d402994db82b6e220441104f41373b54c5fa83fb1924bc93c97f0b6f5cf0dd71da

  • SSDEEP

    12288:8l7YdUrL47qgWLvlgmoPEG9cjquHUdn6+XXlTFQSMeAKFhxZ0xHX2:CEU47IvlgmoPvqjq426A/AKTxZ0hm

  Score

  10^/10

  vipkeyloggerdiscoveryexecutionkeyloggerstealercollectionspyware

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2