Extracted

Extracted

Extracted

• • Target

    CamScanner 02-18-20250535.js

  • Size

    311KB

  • MD5

    0de9fff98db3ba4094c5aa81d6c67423

  • SHA1

    c1350fa5569ad8d00231da2cde9955c34757fba5

  • SHA256

    554b9322949c5330f897d744e542da4d8db44ec6b193ed36374c386fb8cdb0c0

  • SHA512

    1fe18f132389031057617a771dd0aab9fce470156eae586d607da651d7506f8e6d51ba432149db749fd614a58873262fbfae1bc132e10f7b14f1bcdb700a3703

  • SSDEEP

    3072:5vJ5HovJ5HovJ5HovJ5H7vJ5HovJ5HovJ5HovJ5H4vJ5HovJ5HovJ5HovJ5HRbUj:soYfL

  Score

  10^/10

  executionvipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2