Extracted

• • Target

    c706f3494e60b615238fc2ceb608ae169e31f3e97abc6b849a85008fb229476a

  • Size

    1.1MB

  • MD5

    a18907275890e4418819c16e19154a63

  • SHA1

    bc9e4e08ef993eeb7d1640422483649b05be9bf2

  • SHA256

    c706f3494e60b615238fc2ceb608ae169e31f3e97abc6b849a85008fb229476a

  • SHA512

    77a7144392aa0cfa2f253db6cd45518b08c5f766e818acbe592f344c5687b2dea4d92152d50dec4b09cc765a5f7eb15d8f3768a801dacc6227c6d83eb07b5598

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLthp5xPfWMHA2hSv73vH+:f3v+7/5QLnFfxhs7/e

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2