General

  • Target

    2680d7aabaaa6a9bf3e961097a7525bb597c55b8ac8ed8148d66338d78bf4c32

  • Size

    130KB

  • Sample

    241127-wbknastlax

  • MD5

    f5c5e1f7b2fda6346989fc1bbe6b7657

  • SHA1

    6f2d97035993d41b2f3867fa657a3b06cb67929b

  • SHA256

    2680d7aabaaa6a9bf3e961097a7525bb597c55b8ac8ed8148d66338d78bf4c32

  • SHA512

    d245ebf51129f4abf3e3bae94583d51ada5104ae0c98ad370163e93c54f6ba8fa427b044352068ce9e3b2fe00caea8f1d2f2684401e10289574f8f5d9dd0dbfd

  • SSDEEP

    1536:n5LZElpqZElpuqnAJcFUg+Rxp87eQWBfrHxgAMYvtp40n:nrYEYITCig+oOfrH2nYt7

Malware Config

Extracted

  • Family

    vipkeylogger

  • Credentials

Targets

    • Target

      2680d7aabaaa6a9bf3e961097a7525bb597c55b8ac8ed8148d66338d78bf4c32

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks