Extracted

• • Target

    f2241314a8601e3c955f96e5923407a14adac63c7dae4c38a98e83e15a53dbde

  • Size

    818KB

  • MD5

    633666f89989893c93ed09495b8e7654

  • SHA1

    dcea649bcc9ef8860d99d8e5177999c86d573f43

  • SHA256

    f2241314a8601e3c955f96e5923407a14adac63c7dae4c38a98e83e15a53dbde

  • SHA512

    c0ab30baffc8c127f44d55f8d57289c310a4ba428d56b1e73a1e1dfd1aedf46206b5cd8d2ec5c356f7a15de6fdf292319446bb7e89365afd3fdcc5c5dd001ea8

  • SSDEEP

    12288:vwX2viWoHLlbxyO9vrws43UasBY8y8hPDEvw/ceyFi/2icuFeA:vwmKWo5VyOFwsIsBjdDx7ykOyFeA

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2