General

  • Target

    RemittanceAdvice.exe

  • Size

    1.1MB

  • Sample

    250129-xtgj2awjcj

  • MD5

    8422e1f4aa7eb11c4e820fc93ce8df24

  • SHA1

    4edadb9d2fadf28402f4acc6fdde89c4976884ed

  • SHA256

    33933960a12c42cfc5240325d9cb332b6f609ebeafa257f3fa7603cd82436552

  • SHA512

    6c8713e24a5a5e485e21a41e686b72ad3d36d130e9d6b7dfe28b5372f4dbdb484079084d9623eb2540e62705df7a09d855df9822ebd89c7459f7a2ac11ddd23c

  • SSDEEP

    24576:gAHnh+eWsN3skA4RV1Hom2KXFmIa8JHtK7JiB++835:Xh+ZkldoPK1Xa8JtgJa++Y

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8043603189:AAFpR2ormgQgQpP5aDirNgZd72aHXUsGdlI/sendMessage?chat_id=2135869667

Targets

    • Target

      RemittanceAdvice.exe

    • Size

      1.1MB

    • MD5

      8422e1f4aa7eb11c4e820fc93ce8df24

    • SHA1

      4edadb9d2fadf28402f4acc6fdde89c4976884ed

    • SHA256

      33933960a12c42cfc5240325d9cb332b6f609ebeafa257f3fa7603cd82436552

    • SHA512

      6c8713e24a5a5e485e21a41e686b72ad3d36d130e9d6b7dfe28b5372f4dbdb484079084d9623eb2540e62705df7a09d855df9822ebd89c7459f7a2ac11ddd23c

    • SSDEEP

      24576:gAHnh+eWsN3skA4RV1Hom2KXFmIa8JHtK7JiB++835:Xh+ZkldoPK1Xa8JtgJa++Y

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks