Extracted

Extracted

• • Target

    e66dc1e184e0838c2c811bebc1780a4e17c0e005af799ecfebc4868664b94a0f.exe

  • Size

    1.1MB

  • MD5

    6a0297e362831d810a049e0ef860147e

  • SHA1

    0d5d32ca2b5e36fcc209a7fc6ee12efbf3cf572f

  • SHA256

    e66dc1e184e0838c2c811bebc1780a4e17c0e005af799ecfebc4868664b94a0f

  • SHA512

    cc4b91e47a2d5b7a8b01ca973646d7342671c0497a59ffbd493dc5ac74dbfbb4940b443df064ed6e26c0e5011faf63562c6290055c5efe6463689971c936b3ca

  • SSDEEP

    24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8apy1OcKWb:KTvC/MTQYxsWR7apy1OcK

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2