Extracted

Extracted

• • Target

    3bd3c438394939146b7e081e05cd0973bcc7c7d01f624502f70ff7f7da986a41

  • Size

    642KB

  • MD5

    7be3d79e9d8bf37c8c916db52c789949

  • SHA1

    84f475bb3875792f46eb976393fd5cbec864f105

  • SHA256

    3bd3c438394939146b7e081e05cd0973bcc7c7d01f624502f70ff7f7da986a41

  • SHA512

    22315acb0ac1b251aa596a12b2430b926c1a43840bf92485e4e37f2bbe1734e50e16ae2bb3d90b531228f1255d1078e6f66e4ac478b3f15d151cc53998714588

  • SSDEEP

    12288:WKhc0/wOwOH4SG7Rwhhp/+KD1mA7IhIP5s1mW5/HOuf+Dp0:zyu68AI1mecIP5Jy/OumC

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2