General

  • Target

    OZEKESSEVEN.20.01.2025.pdf.exe

  • Size

    815KB

  • Sample

    250120-qvn7ya1qdr

  • MD5

    97a247124adb2f06a055989511504ae4

  • SHA1

    2682dcaa02f20fd62daf71d8e93249ab9cab2d05

  • SHA256

    fea0db3026f3e075b240d97b0ff93ac157c8dc69a7d56a32e3595ed261a9ea55

  • SHA512

    106769f08c0bbfb1dad521c9fc87842532235aba8b01893f51832590cf2082ab0c3954f9122880e13c6658ab5ad1f29da259a81223588e401f0828f12fe4691d

  • SSDEEP

    12288:X5y6WhRSUuncKBvu9vM0y/VLj5iyce8rhdyIu+FGLRxdqAdaXwjV:w6NncQu9+DcfhdFQxcA4K

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: kashmirestore.com
  • Port: 21
  • Username: [email protected]
  • Password: c%P+6,(]YFvP

Extracted

Family

vipkeylogger

Targets

    • Target

      OZEKESSEVEN.20.01.2025.pdf.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks