General

  • Target

    Invoice.exe

  • Size

    1.0MB

  • Sample

    250219-qn4daa1rgl

  • MD5

    b5f9ac41a360df3241952f211876e07b

  • SHA1

    a90f3b69a7e2fce51ed74166e6e9dd10cecd469c

  • SHA256

    2c2e60c86b73901d5a0e81c960c0ab4ce4bebe99684a0d992119575340738ae5

  • SHA512

    2b737709c3d7be16a1d3dad5fdc6629bae92acb2bfd5fbb4f7098f219c13dfcdb75f4a6b0b66410b1593501bbdeea47fd708aa9638885fd6981d035b9bb2da19

  • SSDEEP

    24576:FQvageiojwMklfJqAUBnkVOW/8pNU5C2yqi:Fa7eiUFoRq1uOW/8kQxt

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8082602195:AAFEfFJhrQIeYK1ePwWkv9BtH5VWo-1iIJM/sendMessage?chat_id=5101327412

Targets


    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was first found in 2020.

    • Vipkeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
