General

  • Target

    NewOrder-28012025001-pdf.exe

  • Size

    743KB

  • Sample

    250128-rtxy5avjdr

  • MD5

    4e520a7ba2d74a9913565d83769a51c2

  • SHA1

    647a0f0ef0c95d656b50c8b881d065406342126e

  • SHA256

    b30e339a7ecbbf9ea338c915cf1e3f8e6b6740b314ef1d08e38b1694e3446163

  • SHA512

    ee079bce8fe21a41a4c0be0733d3b6146f3ae0571d8441fdb94409fecabaca122eaca96475087f28aa2176a74fd102f81707eff95f45850196ca1de3f037bb35

  • SSDEEP

    12288:gjjLOLZ6pXiuzDlEa5R97w8m4KtHL3N7BhUdJzDvYqBrObeNdqqkf8px4+xaUJ:YLOL0VXlEapE8mZHx7U/z/Qeqq88Q+k

Malware Config

Extracted

Family

vipkeylogger

Credentials

C2

https://api.telegram.org/bot7761905719:AAFoSgeBxg11MjKK1qWCOx87Kommp_rrKRk/sendMessage?chat_id=7319393351

Targets

    • Target

      NewOrder-28012025001-pdf.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15