Extracted

Extracted

• • Target

    PO#17971.exe

  • Size

    808KB

  • MD5

    a8a2543b3b684c7668e2ea7f0fda818b

  • SHA1

    95f1ef47f4fddae43d5f2923be0498ac20d39ed7

  • SHA256

    1a096b05c22c2f1fe36e1a03e28b49129d1d5812c5b974c929b2213c8dc8896b

  • SHA512

    e47b2426d4359e43d32bfbe87fddcab42d80becc73c117f2b09ce59169ebd641eea13491fcf9b9ce0cfc19e8e7377c96bf925e034680d4dac1257b8a2b285048

  • SSDEEP

    12288:YUoV+I4MVKW3U5Hn4GMtYvvjUNn9KKXLgvaGG5IeiSl3vu/SJuJ:ERgQU5H4Dt6UNn9KKYve3m/SY

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2