Extracted

Extracted

• • Target

    image.exe

  • Size

    2.0MB

  • MD5

    4f481037138109f314141b4fede21f87

  • SHA1

    e28504f330d3d8586d36e3ff270fdfc0821e0cc2

  • SHA256

    f65d5f51c5b69891d73c3799b4ed4d53fea665a6ef5b3d0cce8cae1e96c0e785

  • SHA512

    4e30ba43e8c8f5bb4810c4ac7a8f6bdfdd40c8a6b0de97b0f114ac1f6d326493befa8621941b178ece263da16f5081f93b6fb09a030670df54658f42cd866ec4

  • SSDEEP

    49152:gdqswGco/j1HEFW1bB9HI8QrwiycY5vtxqpGAGco/j1HEFW1bB9HI8QrwiycY5vu:g8swjWdbwjWdb

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerpersistencespywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2