Extracted

Extracted

• • Target

    tender No. SHG-00080 - EPC2 -PDF.vbe

  • Size

    26KB

  • MD5

    5c41205813f5cb6111f7f54c55d79401

  • SHA1

    aded64d5b2fbd084ac1d9bf2916cc30668233636

  • SHA256

    37479a80364231d642aae1e5e2acbd5bd5ed93dce441890200f71f8063420a66

  • SHA512

    fac62621bd79c5befc2fc3c91a25ab185bb7958e3ccd2cf6eae2e736977cd3a4106b3ee38aa56e900b1e62c3f36a8f7dd69b5eff2d3e5a35c75ac1c12fd3aadd

  • SSDEEP

    768:OaRvluL79XDn/C+iV89wKpejmO1d527vkmQs90QtVFyMETjs365KbCXmosBOJ3oJ:V7J+Q0AMLzVZ1

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Network Service Discovery

    Attempt to gather information on host's network.

    discovery

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2