Extracted

• • Target

    payment_details.pif

  • Size

    768KB

  • MD5

    e3c8136549257eecd2cd0a177c8af4fd

  • SHA1

    e931ba3bd3adcd50a9bc6822f47ce77abaee66aa

  • SHA256

    1feae0629737f66256705d4b358b5ec4f78ad14c5dc196ed3ab0cba5b027c253

  • SHA512

    3376778fe74e6e0e47bb3c7256521ef56568b718bbb8f6507352048a23a09c084f5dc8db46bda8fdfef2653d8140444836cdc1a6759274d4e67576f50d1b11e4

  • SSDEEP

    12288:kpNJyRUoYFComA1rzk+svZdbV9MXEb9Bc9H0Wm+HIAW6pehdhMA:CNJyR3KCorruvZZVpxBc9Uf+HVpceA

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2