Extracted

• • Target

    2025-01-14_4c6155abdd35075944e44249e13a89b8_cobalt-strike_hiddentear

  • Size

    649KB

  • MD5

    4c6155abdd35075944e44249e13a89b8

  • SHA1

    badcccacec1ef981465c198cda1a14655b500916

  • SHA256

    321b137e3d9fb127daa8a992a5e2d826361456054ccd70f2308a369663db755d

  • SHA512

    d788a5d941a3e649feea8fdfa83b537d62cb4e7cd125152950dde551803939fb1b5576a8885a7e69add1a41201e9600d334334b85ace6f0b535c73eddeccab52

  • SSDEEP

    12288:JaUEPcD6Tx+ir6hNmTTHqQV68rRt2dAAr7Q:JaUEA4uAm7Q

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2