General

  • Target

    ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944.exe

  • Size

    1.1MB

  • Sample

    250111-f8ewbayqck

  • MD5

    1d0c53e42bd84b7b7cfabed7dae7f570

  • SHA1

    0b0df40afe9bed5720c361fe7ed63395e1a25f41

  • SHA256

    ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944

  • SHA512

    9ab7671f48d5dbeb58c93b61998762ed91da2f566421ff11f53edfdb6a65af0199ff4bb31647ec296cae7f85ba7cfc71340fbb931e6a05fd5aa03a43f5026057

  • SSDEEP

    24576:cu6J33O0c+JY5UZ+XC0kGso6FaNAaW2Kh7ZClY9lnmWY:Gu0c++OCvkGs9FaNAaWphNCC1Y

Malware Config

Extracted

Family

vipkeylogger

Targets

    • Target

      ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944.exe

    • Size

      1.1MB

    • MD5

      1d0c53e42bd84b7b7cfabed7dae7f570

    • SHA1

      0b0df40afe9bed5720c361fe7ed63395e1a25f41

    • SHA256

      ddadbda4f90dc1d05f3e78ac6e5009c2e6608137b60bce3427e25ffea1b4d944

    • SHA512

      9ab7671f48d5dbeb58c93b61998762ed91da2f566421ff11f53edfdb6a65af0199ff4bb31647ec296cae7f85ba7cfc71340fbb931e6a05fd5aa03a43f5026057

    • SSDEEP

      24576:cu6J33O0c+JY5UZ+XC0kGso6FaNAaW2Kh7ZClY9lnmWY:Gu0c++OCvkGs9FaNAaWphNCC1Y

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks