Extracted

• • Target

    a6a945cecbb8a65a0be02de5dce49c49c8dfa0f1beb1dfdf851552eb17ee1570

  • Size

    811KB

  • MD5

    a56aa95f0b507c4af68606c06e88f874

  • SHA1

    993c7a7087fd15ffcb12aa232c9c7e107b1576a5

  • SHA256

    a6a945cecbb8a65a0be02de5dce49c49c8dfa0f1beb1dfdf851552eb17ee1570

  • SHA512

    cf6eb093846d539a1e4b3c37536171381946132de404c82ca3335bac4ffc89c99391f71bece2a49bd47c30cd65fe9ec09c29660adeffdc23b0b6abf7b051f640

  • SSDEEP

    12288:2KFSo1X2zK9+pSwG58sYSGFOpt9upNz7BoTMmrU6kiL9Fyl6wnhLVxU+kR:26So1mzK9+pbG5fHtwpNz7s55vL9KFLm

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2