Extracted

Extracted

• • Target

    TEKJ09876545678002.cmd

  • Size

    1.3MB

  • MD5

    8eefc053b6ed983bec5aff3dc3369b40

  • SHA1

    84756cd09113665a8a8eba1d88da482bc276ada0

  • SHA256

    49b3a5b9adc10281015d59ca3b9439cd1201712133895cb848d33c66c8fbb1bc

  • SHA512

    60c0ced29238693be0cc2f4e20d219b4326fc4499ee216ddeb993714cd1565718f1af32f7a1af459845bcc1cd11ee0469189d54da86ebda4be651b7c4ff9a283

  • SSDEEP

    24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aLvxFjSOLmYtDRqrHZAZsi+xX06kGGsFG40b:lTvC/MTQYxsWR7aL9LmkGAZsFX06e/

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2