Extracted

• • Target

    909a74c7a03956c55492863028a975ccf0917f54fab5d4fa8cfa2bfa8e480ed9.exe

  • Size

    884KB

  • MD5

    fa59fc9d6c2af739eaa63d3af4d6f428

  • SHA1

    0550a7caae5cbe592ada14d028601c95cc9c678b

  • SHA256

    909a74c7a03956c55492863028a975ccf0917f54fab5d4fa8cfa2bfa8e480ed9

  • SHA512

    fd728cf6a59b4db4c1223992c0ed25206da787b8fc0b8622ac875896d2f1f7a24d8596b6e3f825f021f423f60b29cd110ab61f111127df4a95af3a705d8daa57

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaC3zdlP1RtygCmm/:7JZoQrbTFZY1iaCjdagK

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2