Extracted

Extracted

• • Target

    228e6f4564fe08c94660250de5fc8832ce73b21edad1e81f6969c9a6dedbbfa9.exe

  • Size

    749KB

  • MD5

    3c70df024ff5a65f0785b0075939c3fd

  • SHA1

    05d7f92c1a6fec90ba6ab3a9b08944adbfe36832

  • SHA256

    228e6f4564fe08c94660250de5fc8832ce73b21edad1e81f6969c9a6dedbbfa9

  • SHA512

    380b50ef861a900cf97bb3354af8ddec0d0fc61751e96e5c3869a646f1e0be4adcc493b72292230f7a1fcc536d02d0dce9ed2a127795a0612b3d37c271925c4e

  • SSDEEP

    12288:/+Cb+eCSmSuo/HOMmO4ClOJwubAYNnv42S829nSQKYiTH/plXEX53:/Ccuo/HODCl/ubAEnS8Un7KxT7u

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2