General

  • Target

    b8e36e21e76b4d3ca6522c040919442826e8559bc4f627fc1f2d5d138b2c4418

  • Size

    675KB

  • Sample

    250107-r4d9rsxlgr

  • MD5

    7d5f9ba2e3e7f5414e9bbd0f17c778c7

  • SHA1

    0b328920c1ee1c7460708fd8f8f5c4cb49557f43

  • SHA256

    b8e36e21e76b4d3ca6522c040919442826e8559bc4f627fc1f2d5d138b2c4418

  • SHA512

    0b8a1c7457b28caf36b3e43863ec885f0f0567a8563ec827c00ad776fb264cd27f859c177dc6cb1d05da387faf7de122c4062c6dae88e5f8b6485d3ae1254362

  • SSDEEP

    12288:AJO/ybKp64FdFC3O4ru7e8nwH7bJ91B0T+jiZ20tk7nOz2hZSjHYNGY:ebKMweh8wHBySjWfi7nOISj4NGY

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      Request For Quotation (R24925) for Spares_01072025_pdf..exe

    • Size

      819KB

    • MD5

      bd4b090eaa1061d4b394b150493915be

    • SHA1

      d24bcd580f642e0a46f5f0f27afc488a0fd59204

    • SHA256

      abb4db3fe48bd796df4b07f0cc5cc63fe1f92170e0dd5f2ee4de5e88888abf21

    • SHA512

      488702cd50abed14684715aad006411ccf548c1425b30025045890837765fd83204cad82603c9207dcefbf703ea3215c2ef1f186ea609f3c61525a018991c177

    • SSDEEP

      24576:HxGRguk+bKr17CPmCMP0Lapruvdi32kc7u:H1uk2lmCyMapr2

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the excluded items are no longer scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence (run or abort depending on the victim's locale).

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext changes the execution context of another thread; combined with a process created suspended, it is the classic way to redirect that process into injected code (process hollowing).
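Three of the behaviours flagged above (PowerShell adding Defender exclusions, the external IP lookup through a public service, and SetThreadContext after a suspended process creation) are detectable from a sandbox or EDR event trace. The following Python detector is an added example and is not part of this report or the sample's code. It runs over constructed, sandbox-style event lines; the "kind|process|detail" event format, the list of IP-echo hosts, the process names, the ATT&CK mapping in each finding, and every sample line are assumptions made for this illustration only.

```python
"""Added example, not part of the sandbox report: minimal detection rules
for three behaviours the report flags (Defender exclusions via PowerShell,
external IP lookup, SetThreadContext), run over constructed event lines."""
import base64
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    rule: str
    technique: str  # ATT&CK ID; the mapping is this example's own choice
    process: str
    detail: str


# Assumed event format "kind|process|detail"; every line below is constructed.
ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'MSBuild.exe'".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    "process|powershell.exe|powershell -NoProfile -Command Add-MpPreference "
    "-ExclusionPath 'C:\\Users\\Public' -ExclusionExtension 'exe'",
    f"process|powershell.exe|powershell -w hidden -enc {ENCODED}",
    "process|notepad.exe|notepad C:\\Users\\victim\\notes.txt",
    "api|sample.exe|CreateProcessW(cmd='host.exe', flags=CREATE_SUSPENDED)",
    "api|sample.exe|SetThreadContext(target_pid=4120)",
    "http|host.exe|GET http://checkip.dyndns.org/",
    "http|chrome.exe|GET https://www.example.com/",
]

MP_PREF = re.compile(r"(?i)\b(Add|Set)-MpPreference\b")
# Any -Exclusion* parameter (PowerShell accepts abbreviated names) and its value.
EXCLUSION = re.compile(r"(?i)-Exclusion(\w*)\s+['\"]?([^'\"\s]+)")
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_ARG = re.compile(r"(?i)\s-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{16,})")
SUSPENDED = re.compile(r"(?i)CreateProcess\w*\(.*CREATE_SUSPENDED")
SET_CTX = re.compile(r"(?i)\bSetThreadContext\b")
# Assumed list of public IP-echo services; the report does not name the one used.
IP_ECHO_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
                 "ipinfo.io", "ifconfig.me", "ip-api.com", "checkip.amazonaws.com"}


def defender_exclusions(cmdline):
    """Yield (kind, value, was_encoded) for exclusions set via *-MpPreference,
    also looking inside an -EncodedCommand payload (base64 of UTF-16LE)."""
    texts = [(cmdline, False)]
    m = ENCODED_ARG.search(cmdline)
    if m:
        try:
            texts.append((base64.b64decode(m.group(1)).decode("utf-16-le"), True))
        except (ValueError, UnicodeDecodeError):
            pass  # not a valid encoded command; scan the raw line only
    for text, encoded in texts:
        if MP_PREF.search(text):
            for kind, value in EXCLUSION.findall(text):
                yield kind or "?", value, encoded


def is_ip_lookup(request):
    """True if the request line targets a known public IP-echo host."""
    url = request.split(" ", 1)[-1]
    return (urlparse(url).hostname or "").lower() in IP_ECHO_HOSTS


def analyze(events):
    """Run the rules over event lines and return the findings in order."""
    findings = []
    spawned_suspended = set()  # processes that created a suspended child
    for line in events:
        kind, proc, detail = line.split("|", 2)
        if kind == "process":
            for exc_kind, value, encoded in defender_exclusions(detail):
                note = " (from -EncodedCommand)" if encoded else ""
                findings.append(Finding("defender_exclusion", "T1562.001", proc,
                                        f"{exc_kind}={value}{note}"))
        elif kind == "http" and is_ip_lookup(detail):
            findings.append(Finding("external_ip_lookup", "T1016", proc, detail))
        elif kind == "api":
            if SUSPENDED.search(detail):
                spawned_suspended.add(proc)
            elif SET_CTX.search(detail):
                # SetThreadContext right after spawning a suspended child is the
                # classic process-hollowing sequence; alone it is still notable.
                if proc in spawned_suspended:
                    findings.append(Finding("process_hollowing_pattern", "T1055.012", proc, detail))
                else:
                    findings.append(Finding("setthreadcontext", "T1055", proc, detail))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.rule:26} {f.technique:10} {f.process:16} {f.detail}")
```

Two details matter in practice: PowerShell accepts abbreviated parameter names, so matching only the literal `-ExclusionPath` misses `-ExclusionP`, and the exclusion command is often hidden behind `-EncodedCommand`, so a rule that only inspects the raw command line sees nothing. The hollowing rule is stateful on purpose: SetThreadContext alone has legitimate uses (debuggers), but following CREATE_SUSPENDED from the same process it is the injection sequence the report's SetThreadContext signature is pointing at.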

MITRE ATT&CK Enterprise v15

Tasks