Extracted

• • Target

    RFQ 6000069128-Eclipse Supplies & Services LLC.xlsx______________________________________________________.exe

  • Size

    773KB

  • MD5

    5112b66efe4673b10d9a1e9d9f3de8dc

  • SHA1

    f459a6d327a0fe94cbc141c6fcdc65eff81f18be

  • SHA256

    0653cd81c0cf45dc2b510934a5f0c1c68d17729387f55f8f6a70b1b11f9cbacb

  • SHA512

    5e1e1d66750e6cf07f23f28cb568ba99afd5ca5ee76f8d831094e9340fa30e02ea8ff1c71c917b4e5ce53a19311793e83748f0e488c12cfea993c1946dad5cf0

  • SSDEEP

    12288:1YfPXqswecl91mDviO2b8bXqU2Sv//FQmmQ/MWzTjspH3hy55kJmDwnCD3J:0weclubX9//2mRLTjsLy55emDwCD3

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2