Extracted

Extracted

• • Target

    RFQ PETROIL BID INVITATION EOI - 16674.01 4KPET.exe

  • Size

    739KB

  • MD5

    0651a05d2350a93f9f1ff6400d7db55d

  • SHA1

    4548e1d49873626ac6eee581126318b17024feb5

  • SHA256

    a5be206861bab4850f3022243ae51161423cc8f8a12aed99f9f55f04a774df73

  • SHA512

    9340e004fab5479e90acacfb6260ba9681a6a60f6fd76c230270eeecd6d3f42f0fa9ea33ac82bd36b474b5066cc763d54e10403648149dcecd6e8486a13b1f51

  • SSDEEP

    12288:nYRxA4Y5lyA/BxSPCyWqLoPZGDI+ef31hJLYZsMJB2RTMRutAbW5KNhc:YRBLhDM9hJXuBwgRut/5KN

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2