Extracted

• • Target

    PO#I-23-00007.exe

  • Size

    1.0MB

  • MD5

    fcf9d6b4116b8ed364365276d6e59e1b

  • SHA1

    fc3f2846ae840756415e05ecbc4d8972af0c29d1

  • SHA256

    a43a19822df06a57655413a8bb229547212eedd3b5271e3f4890212bbda5ceb0

  • SHA512

    72e5ad59ac233d8566f5fd2c09c9d2a63557da59127328b1736eb1abc20e0c2066fb5ec8f670743266562ab93c9f30e1d0d47738c5729048a3cd41ccad962ee2

  • SSDEEP

    12288:dtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgamTdAM8Tyarg0Am6A:dtb20pkaCqT5TBWgNQ7a+d+Tyd0Am6A

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2