Extracted

• • Target

    9f7bbe4b657f8a881b586469be5915b8e677b5a9bc111a5296e90030c7ed0ffe

  • Size

    895KB

  • MD5

    8abb5d3382080c87931a5e34c256f990

  • SHA1

    b8f99657ae329a4e299e649f16ed1f6004f73994

  • SHA256

    9f7bbe4b657f8a881b586469be5915b8e677b5a9bc111a5296e90030c7ed0ffe

  • SHA512

    c105a985e515718477fd7dc76f984d56a7d68798a443ad4dea2df94820756801f76ab81e1c5b9065be1493e783c7edb4bb4b4b861d6ddc2b7727a0e72b247414

  • SSDEEP

    12288:HNT+fj05JDHmQaRyWrXOBV9q2Rd7LdUHnjbxS2Kl60/IAsTr:tejyZGQaIVqQRcZSJl60AAsf

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2