General

  • Target

    3b047fc0647a4dd0cbf6c8535c364616720a916bd3fb14a4ff5543f18b662d6cN.exe

  • Size

    1.1MB

  • Sample

    250216-ezrm3ssncv

  • MD5

    af0a7b9d983a13430107f6dcb04ee780

  • SHA1

    a219173d553dd60eaff5f18ea7b3eb82cda4a3fd

  • SHA256

    3b047fc0647a4dd0cbf6c8535c364616720a916bd3fb14a4ff5543f18b662d6c

  • SHA512

    e05f9a7886e2858aae6cf2ad002d7713b3800808f23528f6a3a0aa603a2920856681a88e064c47d0466c6f861b644f49de142c6a460183d21d8a4df84a320f6f

  • SSDEEP

    24576:jiVX2+2zDTxps71Dh7P2EJFBRi47ax9fRjbhZmATcWlEOsW4Bhw:F3TPs71N2EJFBRiCaLfRjrmA4W2OsW4B

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7354418955:AAH10FAR8IByRBtd_Qs69uwN7lnhl-2X18k/sendMessage?chat_id=6851554211

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks