Extracted

Extracted

• • Target

    rEFT-RemittanceforOverdueInvoice.exe

  • Size

    1.2MB

  • MD5

    4356632cd55a6b5f7b9f49dc17ccee00

  • SHA1

    174bffb9781b6f4e455bba193a6921f57bc7f079

  • SHA256

    62c6436c72f6e31fe3598b4e79600f6262a5fcce63fe6a780e6644669f2b5e63

  • SHA512

    4db5ddf36fc19e3389f4d2b24d0a4e5cf923a8a43fd57e5b61b5d1522a70215615a58ad5a605b9dbc6f5f112db06b2902bd6fdb0811d322565ecda2fbf6fc382

  • SSDEEP

    24576:RAHnh+eWsN3skA4RV1Hom2KXFmIakcPGVsvv9BcdHy+oOZ7d8N5:oh+ZkldoPK1XakcPGVsnTc9iIpq

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2