Extracted

• • Target

    c7a9a258ebcce8d059be3d43911b8150cba636c9111224f29924460ffaf0bf33.exe

  • Size

    836KB

  • MD5

    c2fed4eb83e71081a2d50875a519cdd8

  • SHA1

    7dd2cc60334b0eabe6dea6576c0456b6aac05b0a

  • SHA256

    c7a9a258ebcce8d059be3d43911b8150cba636c9111224f29924460ffaf0bf33

  • SHA512

    75482be16caf260dae875d43428cd0f465f85e31def79afcbd69402017122c0d9a69d5f0fe8a0d33b4278aef6c0869d5545581413acb405fd7db40cdfc21683f

  • SSDEEP

    12288:L3LWvY7t2ikRpkGjKm2hy8Vr4yGM1aUIQVo+H6PpH60iXCHX7i8HjffOXDxjr/o0:Ow7tsRpRjKmZUIko8bANHQxw

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2