Extracted

• • Target

    a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac.exe

  • Size

    903KB

  • MD5

    c9007399358b2c71f94731c0dada3aae

  • SHA1

    52961d38410067be7256356aa18ee52051bef614

  • SHA256

    a3f7477a9612f8ac90866fb2c4adc56a447f4a8262e4ac75bb1c825a254afbac

  • SHA512

    67b9d38ccc08b2acdc09df19ebed66a945f6a6854e1e5f9b3f1a73eef4a466abbb13fa52519c732445d6418c388adec2b9ee827100ff2caedd0958f95061bb77

  • SSDEEP

    12288:7Xcxx2t6G/sAgiXH5DybRcnygUUDJ3l0DbiLutNS3haM78EQMZxmfemFXHW65zu+:7X22t6whH1nXrLKvE3l8Et2F2YuriV

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2