Extracted

• • Target

    fatura.exe

  • Size

    929KB

  • MD5

    49e9e776c6f5d00a090adbd8814ffdc7

  • SHA1

    4ea5b8d7b7beb2ad75bbe583c4658093c4ab12bd

  • SHA256

    ef25dd02f39549f22a2272768115e7704ce4fd20e305b7aa16f9906b6688e903

  • SHA512

    06e761bafcf3aa68a739ec24f17db1f9d1a36f59b940c8de12fd388dbd871dd2ab443a60c7723cd77ec1f52859cef469d9493759acc8acc1cfe1c471bf06f8cd

  • SSDEEP

    24576:L4GHnhIzOa5WPGzwQA+jLgNK5O5Y1fmdruuAF:0shdaYP3t+g3d

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealerupx

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2