General

  • Target: b19a7098f74ce79004ffd6a109302ef0.exe
  • Size: 736KB
  • Sample: 250108-mr9spawpfs
  • MD5: b19a7098f74ce79004ffd6a109302ef0
  • SHA1: 206ff16596fc022d321df2687440c7942a3c2d4c
  • SHA256: 1ad584b71b2ebb4fe6418e55f8d261ba662d4ab07e68ff05c1a073580e2419e2
  • SHA512: 913ee9f0949a89b1a62cf93d21fdfbd3127165a2ef6dc6dad5d098c3d772f3ab4f844523a103ef16aeedcb069f3fc154da7a355a8fc0b2f611978a50eb00a3d7
  • SSDEEP: 12288:zNYVYJdaCiBTiid+myis0hDE+iubk5NG4MXpnHXgYfzDDGl+9dVazSxC9C:i+FeTiid/xs8BiukN3MXpQKzDDGlnAR

Malware Config

Extracted

  • Family: vipkeylogger

Extracted

Credentials

  • Protocol: ftp
  • Host: 50.31.176.103
  • Port: 21
  • Username: [email protected]
  • Password: 6JLyf]Kt%D5L

Targets

    • Target

      b19a7098f74ce79004ffd6a109302ef0.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext