Extracted

• • Target

    5003cd2b693e2b6e2b0e126a17308b4f5ef60fc86de9ce1a90c4152c08220ee6N.exe

  • Size

    815KB

  • MD5

    61828c5fd9b41ff6f35e70a215f7fd70

  • SHA1

    5c4e73cad4f8fe7e52c91a1584a76680c0980bf9

  • SHA256

    5003cd2b693e2b6e2b0e126a17308b4f5ef60fc86de9ce1a90c4152c08220ee6

  • SHA512

    ed8c2fe0538de00fd8c827d067530782a7169c72feb06959155d4dac6df42027cb12b9ec2c9dbaa1fa72ded2cff20c0c49427efb5005c55ffe5b80b235da09f5

  • SSDEEP

    24576:XsTo7do5wpkCEG9vG+3rG9SOSEHKpwsu:A75CF9vGpHGws

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2