General

  • Target: f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7.exe

  • Size: 1009KB

  • Sample: 250111-gvvv2szrer

  • MD5: d721eab396039744df30c1c4ac89386e

  • SHA1: db06bcb42971088989f20c795e484611b37b35b0

  • SHA256: f800b332a02989cb73f92d0b58f9658f7f5389be1a966670c507ccbd32c31ce7

  • SHA512: aab9f2ea6979d26df263378e629ff9058652c3622bda8c913968dd45c461d546cf1cbc337387ee344109f0273248476c44640b0e9f14deba944c92fac1f8e226

  • SSDEEP: 24576:Ou6J33O0c+JY5UZ+XC0kGso6Fa4rtKwUtjWWY:Au0c++OCvkGs9Fa4rInTY

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks