Extracted

• • Target

    ef4542ea173af7c534a1b96e14eb0dd06b8db524960345c789dab974f49da59c

  • Size

    829KB

  • MD5

    67ac014a244d792327eb72da981e9039

  • SHA1

    eabcb5df5f257ef95d771c5712282566669851e0

  • SHA256

    ef4542ea173af7c534a1b96e14eb0dd06b8db524960345c789dab974f49da59c

  • SHA512

    0f68f11ca91eb49c9b4d9c0f9e36111cd7c4358d2094835a145bf85a2baeaa882e5e4f1852839ee9dac75735a8205d16e42fc530ea65b095b0cc73b010e35101

  • SSDEEP

    12288:pTmTJhliReYOTJ+TkzNql2bAHG0Ic2tukCEY6Nzub/1SBaDT6x+Krb/04L1d+mjg:4baeYiECW2j02rQbVTorz0i1LiNGoyg

  Score

  10^/10

  vipkeyloggerdiscoveryexecutionkeyloggerstealercollectionspyware

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2