General

  • Target

    bf4b5243f61194359db36f52a6015e50ceb490b140ee986134fff4a13432c82c.exe

  • Size

    900KB

  • Sample

    241127-dgvfkszqan

  • MD5

    1e4a711ecbfcd10f63990b50edbf0692

  • SHA1

    62f19187d9eba5260aa9d1b5753308de1a2ef392

  • SHA256

    bf4b5243f61194359db36f52a6015e50ceb490b140ee986134fff4a13432c82c

  • SHA512

    3bff0107b8d0c5eaf0bfbe1336675cd38027f89daf7a58a11582f09861cd058d4f972f081b3bc971c12300526213307d7fef692e4b9f4bd85ba9bf3fac92aa55

  • SSDEEP

    12288:cXcxx2HCKsVidjk5m7eptd2naPiLutNS3haM78EQMZxmfemFXHW65zuYGTm4zeH:cX22iHKkSuE3l8Et2F2YuriH

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks