Extracted

• • Target

    7a0524b3027134a2af262a9675f7277b5ce780128269b8492a5b4421e3629eb8

  • Size

    693KB

  • MD5

    58b8590e06f201dd50fc4cec7e1d4845

  • SHA1

    ea6bc1dd129d16849d2915af96fc96416c7a98f4

  • SHA256

    7a0524b3027134a2af262a9675f7277b5ce780128269b8492a5b4421e3629eb8

  • SHA512

    667d77629e0d0e3643c39f3c5d0a00e0d631c47c2b6c0a23102c69ca4f14ab83d75acfe5dd87d0f5fed2a221cab575d87a29ae466bd126f911633d5500859861

  • SSDEEP

    12288:0wAopWvkl5YzDVtBo7TtVBxjA/qRI5YVEwXM0t0MaezxA0p4aRs3tg/+EMyC:0wAUXl5mVkTnsEAYawXXt7vp4H+/9My

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2