Extracted

• • Target

    3f98154dfa957eb333cae8aea1c9d03234145c5f7c72a185c3e95500a07f214d.exe

  • Size

    1.0MB

  • MD5

    0b891157f2ea1221e38c67a9c51ce0af

  • SHA1

    afbd8410c8c8d892cbc4d4901d46d7edbea5e8e0

  • SHA256

    3f98154dfa957eb333cae8aea1c9d03234145c5f7c72a185c3e95500a07f214d

  • SHA512

    8d3891065ba68590eb7b6a8f0f645c13274f7b1e225b4412ec9989b16ca8bdf37b3e014e31954a9f933477162c0000e53cb9404a9201742064eb3c16028bf738

  • SSDEEP

    24576:Ar7nRmn86KOYj5bRQ4lthLGe6wSOc6aEDWJM5f:ARm3KJbHhR86aEyJq

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2