Extracted

Extracted

• • Target

    C24TAA-00343127-WEM0G8XYGD3-DPH.exe

  • Size

    795KB

  • MD5

    b02a4d403c3cbb558b7e1c278308d9cf

  • SHA1

    0310e74a641adb79192eb93e4cdeda5fad4f1747

  • SHA256

    bf3c1941de57148eb6de474d360c57a08582dbb3ee548c283fa34cb08436e402

  • SHA512

    0a41de9a105cf4893ccca294ecce60852ed1e015d5111690e01b4b2728445b53beff8ffcfbe103cca95af1e861e64b518df8c144eb3d1a5009fe52f20c1397c6

  • SSDEEP

    12288:8AB7hgn0fsOLvycEuUDg09ZK8X2fhASSCD0w/KbqWFvbvuEGmz18v354BtJmT3L1:NNQDBLK8qSnMKHDvuEGg1U3ezJGF3

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2