Extracted

• • Target

    Teklif Talebi__77252662______PDF_PDF.exe

  • Size

    766KB

  • MD5

    3e9424c0379b02d4a15cbd5a0748757b

  • SHA1

    bdf1a9dc926aff66b99708180b2f06e2606cff0e

  • SHA256

    37d95650ce61a4f265d21b47de3c7980f5ba2820f66e90add25147096ce682b3

  • SHA512

    ec522b61c1910e26266fcb37158e4a1fd0436905ce4c5e6841e652b27b9b91170cce2e9b22b60491637b96cc6a9779dd10f84c998321a869684ff9b65b01f6b7

  • SSDEEP

    12288:onCb+eCSmwdQxXiX4XxZ3xgeHcC+mxtpPrEzIlTBtMu04qxA9TWAp73JWA0hpsy:ouCqdISohNxgs+mRDdFtMu04qxyTWApb

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2