Extracted

• • Target

    FACTURA 5004.-28 11 2024.exe

  • Size

    570KB

  • MD5

    622129ae990e84785b59a7c49769f1a5

  • SHA1

    691be4e876979b11ac60494ed026c780d7291e2e

  • SHA256

    bc52c9be844b9640dd46be53fe57fa01135fbe1f570f87369690176e925ffa18

  • SHA512

    a470d8c219bf126064fdfc96ec8855f4383b8ccc595cb5a2946b82a4635fca67f463f98359096611b4fde71a375176d084e82345ea4312f0f5205cc1960593f6

  • SSDEEP

    12288:1kuic98di0vU+lTb4Tmp6mAWn6Ui+LOFLmySMpQKE:Nic9Yi+4Tmp6mN6+LOFyGnE

  Score

  10^/10

  discoveryexecutionvipkeyloggercollectionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2