Extracted

• • Target

    SPECIFICATIONS112025.exe

  • Size

    1.1MB

  • MD5

    1b941eb0d1776fc0a50f6a68162e0cb2

  • SHA1

    59528929deb3d83d73b57fc68487b2edd41d7b95

  • SHA256

    74a376edcff8224f1dcbb9f18ff4f10251e149f2073d9d0e0364ac5a0c599e88

  • SHA512

    7a52449d6d9238ca0cce15ea51387aabe09e85b25b8e32fab6b3909b38f941fe87ae9b8239f5ab6d3c0beb18b75cf1b578dc3aaaae3553c60a2c8e1d3dd08e68

  • SSDEEP

    24576:Hu6J33O0c+JY5UZ+XC0kGso6Fa40PVL45NTFw6KdNDaLTHWY:Bu0c++OCvkGs9Fa40tdNOLCY

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealeradwarepersistenceprivilege_escalation

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Drops startup file

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2