General

  • Target

    1h5OmzymbyVEzYd.exe

  • Size

    771KB

  • Sample

    250203-l95q1szncl

  • MD5

    223f14d66cc623f727b893be245bfb43

  • SHA1

    b660b092d21a2c75b1f24256a4b4f53a21f38424

  • SHA256

    f2cb987cd17107f4bc8171971eb158d0fc6d55c0e501b3e17c478afdbbc2e9e4

  • SHA512

    b06b49f20f039b85e2177ddf380d67bcf94b460b3337e7ee6b2dfb84e224eae23df835dd69072f55fc56677eb36f1cb827fc04c1ee6a2ceedcddb5ecc6238838

  • SSDEEP

    12288:kYfVG6swecl9j1Qi8HLagXUFNunI5iLdKy5mitqzaISeIrjVB146j6:SweO1Qi8HLayIbyEAcBtIvP

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • Target

      1h5OmzymbyVEzYd.exe

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first observed in 2020.

    • Vipkeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks