Extracted

Extracted

• • Target

    0793dea60c7ffdfc565ee04e833c2bafc1b8e4d9094850fadfd3a8f3e2b34633N

  • Size

    766KB

  • MD5

    1c5c9ab7f40aff7c4d0b43afe9950c60

  • SHA1

    3b59b64ce12273bf2ed71444b333d4082997458b

  • SHA256

    0793dea60c7ffdfc565ee04e833c2bafc1b8e4d9094850fadfd3a8f3e2b34633

  • SHA512

    ca4acf2b9ffb3c1bf49b3f3d89d3e4ef1e758475a406d100075029b2d8080e5e5ac5e27dbebd72b5b17e0db886554bd5dbc9c8f71d8b13141fa02d75ddfd924b

  • SSDEEP

    12288:zTsQB8/720mXkfz0z6YTaXb//HU7e9HLQl2SlPRIiusk4qQuTHLANvILxCrHt37c:zTsQB8S0ck70haXb30yMDTIumTrsgL0W

  Score

  10^/10

  vipkeyloggerdiscoveryexecutionkeyloggerstealercollectionspyware

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2