General

  • Target

    PO20241219.bat

  • Size

    1.1MB

  • Sample

    241219-bqeelszrby

  • MD5

    f3ce93c4a0cae401cb09cb1706acf8e3

  • SHA1

    6e9aaa501e8158afda8df2d6e6328152d630e92c

  • SHA256

    1e5ece7c18fa26c294653ff81abf093ec7ee778880053ab447a57fd9017ab917

  • SHA512

    7f3327c958b0665cd047926abdf3ec53b741a683f37d7397b920cfd70a297b99f586b4576418f3b64ff0fefb5c4adfc5da2a9f6053d5a154986677a85cd595d9

  • SSDEEP

    24576:vMaSSKy2/SPNV2hMY/KVExMGNMpK5lHhaukA:vRQcLYeKTAA

Malware Config

Extracted

  • Family

    vipkeylogger

  • C2

    https://api.telegram.org/bot7840304120:AAECZoZmPryJu9IxJWGOLjCOmOcpm5-OSlM/sendMessage?chat_id=7656766151

Targets

    • Target

      PO20241219.bat

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks