Extracted

• • Target

    ShippingDocuments-180225WP21BZ059.exe

  • Size

    1.9MB

  • MD5

    679da76a671452de2f13a1585028e74e

  • SHA1

    e89c5b5d3b31025710714c14955d22820e2ed493

  • SHA256

    44095f79a9e682a29ed75fab33f6dcf1e2f11937097e4c7e3f84080ff7444048

  • SHA512

    e21d43f7bbfd77ce1fdccf438655385ee1efd026f29adba0c1e979186de0b28b8495c97ed4e89b9324d484b0db4ce9c9e5d29964d4df395be54f6477d086959c

  • SSDEEP

    24576:SUeQg2PvNPjxiF1LeVFJ03GDJuwAP3OED/NSq66+0wZPK8FbqFnAYJytaEVarmmI:tNrxiHUJK8lAP3vD/A0uC8tBcytaeXd

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerstealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2