Extracted

• • Target

    blhbZrtqbLg6O1K.exe

  • Size

    699KB

  • MD5

    32317fa8ed09561ea6de5ee91c3a971d

  • SHA1

    a1dc40e480493d39a2335963e6d0f1e6bf9fea82

  • SHA256

    117f1bc3d9a04cc8bbc9b0f681745c480f6744ddebd5879e32a05e7c7b3c492f

  • SHA512

    49d43a2adaa04895025cba7810bcb6b980930e20307e5d8684c89b58e23e59639ded7e6a3396c54aa0475dd9f046de617f2cb16d7cf37263a1b643f7adf274c6

  • SSDEEP

    12288:gMyCGMZQ3C68gTcIeW0XS0v9q2nrGFBoK4cqDzcBFz8tcLwUjbc0Y7o:gMyQZF2T0XS0VHGFBoK4cq34Fotcdny

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2