General

  • Target

    09012025_1039_07012025_OutstandingPayment.pdf.z

  • Size

    764KB

  • Sample

    250109-mva4jazmfn

  • MD5

    fce2aa5b8c9b45e4bedb875bc90aecc4

  • SHA1

    e15ec898c9eaed9183db24d6390331e867d03dd3

  • SHA256

    fbb3e02dfdf06e83eb5be6b32fae5ac96bf3304a67fafe42b04e4bdd471de18e

  • SHA512

    5021f7a3281bdfb4c29c2675587523295ad33da110d4275293ce56c938cb6d8708605ce9f802ebae5f18997dab7e2f9a5e39920458599f838207bbf3b2642ca3

  • SSDEEP

    12288:9qEBvkwYDRWMrXvJASc1Xrc2ZoEY7s9EfEg4nF+ED9EHTSwobeyF+m71zT5fjp:9qESFDRprXvJq17c2TY7s9pnFQS1bey7

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      Outstanding Payment.exe

    • Size

      853KB

    • MD5

      1a2ef5b0b6ab1ea56601fc640c595154

    • SHA1

      1825fdeb18bcb4ad7f593be9d95fdcd5455134a7

    • SHA256

      6ee0bd1b50c4c20ec2ef009293c5835b527099b2e8890b374241f63263fbfc12

    • SHA512

      483f8a4f6b5e82b48b4fa69226dd3aa07bf55b9a0ccf09bd1fea22e49b48979ddc853bafec4653286d079441fc230541b531d2c56a036b7b62b7a2fea0375fc7

    • SSDEEP

      12288:BOq4E6mfJiLl95WcbQkpClSLw2stXgMBz5Nof5Nvexz3Ry1RxU3iExQ6S/RJIzYR:QEkDXpClUuQSwNGvKzunW6SZ0+

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it closely resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check to avoid running in certain regions.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
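
The four behaviours above (PowerShell Defender exclusions, the registry country-code lookup, the external IP lookup and SetThreadContext on another process) are what an analyst would want to confirm in raw telemetry rather than only as sandbox signature names. The script below is an added example, not part of this report and not the sandbox's own signature logic. It runs over a constructed list of process, registry-read, network and API-trace events whose field names are an assumption loosely modelled on Sysmon and sandbox API traces. The `Add-MpPreference`/`Set-MpPreference` cmdlet and `-Exclusion*` parameter names, the `Control Panel\International\Geo\Nation` registry value, and PowerShell's UTF-16LE base64 `-EncodedCommand` format are real; the IP-lookup host list and the sample events are assumptions.

```python
import base64
import re
from collections import defaultdict

# Real Defender cmdlets/parameters that add exclusions (T1562.001 style behaviour).
DEFENDER_EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b[^|;]*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE,
)
# PowerShell accepts -e, -ec, -enc and -EncodedCommand; payload is base64 of UTF-16LE text.
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\b\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
# Real registry values under which Windows stores the configured country (GeoID / name).
GEO_REG_RE = re.compile(r"\\Control Panel\\International\\Geo\\(?:Nation|Name)$", re.IGNORECASE)
# Assumed list of public IP-lookup services; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "ip-api.com"}


def expand_powershell(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) so exclusion cmdlets hidden
    behind base64 are still visible to the regex. Returns the input unchanged otherwise."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return f"{cmdline} {decoded}"


def triage(events):
    """Map a list of event dicts to the report's behaviour names.
    Returns a list of (behaviour, evidence) tuples in event order."""
    findings = []
    suspended = defaultdict(set)  # pid -> child pids it created suspended
    written = defaultdict(set)    # pid -> suspended children it wrote memory into
    for ev in events:
        kind = ev["type"]
        if kind == "process" and "powershell" in ev["image"].lower():
            cmd = expand_powershell(ev["cmdline"])
            if DEFENDER_EXCLUSION_RE.search(cmd):
                findings.append(("Command and Scripting Interpreter: PowerShell (Defender exclusion)", cmd))
        elif kind == "registry_read" and GEO_REG_RE.search(ev["path"]):
            findings.append(("Checks computer location settings", ev["path"]))
        elif kind == "network" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            findings.append(("Looks up external IP address via web service", ev["host"]))
        elif kind == "api":
            # Hollowing sequence: CreateProcess(suspended) -> WriteProcessMemory ->
            # SetThreadContext, all from the same parent against the same child.
            pid, call, target = ev["pid"], ev["call"], ev.get("target_pid")
            if call == "CreateProcess" and ev.get("suspended"):
                suspended[pid].add(target)
            elif call == "WriteProcessMemory" and target in suspended[pid]:
                written[pid].add(target)
            elif call == "SetThreadContext" and target in written[pid]:
                findings.append(("Suspicious use of SetThreadContext", f"{pid}->{target}"))
    return findings


# Constructed sample events (assumed schema), not taken from the real sandbox run.
_ENC = base64.b64encode(
    "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension 'exe'".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4242, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -enc " + _ENC},
    {"type": "process", "pid": 4300, "image": "powershell.exe",
     "cmdline": "powershell -NoProfile Get-MpPreference"},           # benign: read only
    {"type": "registry_read", "pid": 4242, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "pid": 4242, "host": "api.ipify.org", "port": 443},
    {"type": "network", "pid": 4242, "host": "smtp.example.net", "port": 587},  # exfil, not IP lookup
    {"type": "api", "pid": 4242, "call": "CreateProcess", "target_pid": 5100, "suspended": True},
    {"type": "api", "pid": 4242, "call": "WriteProcessMemory", "target_pid": 5100},
    {"type": "api", "pid": 4242, "call": "SetThreadContext", "target_pid": 5100},
    {"type": "api", "pid": 4242, "call": "ResumeThread", "target_pid": 5100},
]

if __name__ == "__main__":
    for behaviour, evidence in triage(SAMPLE_EVENTS):
        print(f"{behaviour}: {evidence}")
```

Two caveats when porting this to real data: Sysmon does not log registry reads, so the geofence lookup is only visible in a sandbox API trace or an EDR that hooks `RegQueryValueEx`; and the hollowing check deliberately requires the full create-suspended/write/SetThreadContext chain against another process, so a program calling `SetThreadContext` on its own threads (debuggers, exception handling) is not flagged.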

MITRE ATT&CK Enterprise v15

Tasks