Extracted

Extracted

• • Target

    询价 (PO 345378).exe

  • Size

    978KB

  • MD5

    d644d6826806f4576e3e4b81e0564a20

  • SHA1

    d51f44bb9644ca2c0bedc2ab78796131b6969a80

  • SHA256

    bc2bb9a71331933d49cdf01b99bdca9e5aabfa26e883db0d09bc23c5c58983ad

  • SHA512

    a10977190477cb38f61e1921c1c988c39d62860d24f194a96d5ec3b7b4dac21d80b989edf9cc0aa389be6d2ae78b37016785572cddca0ae013a9440c8dcddf4d

  • SSDEEP

    24576:7u6J33O0c+JY5UZ+XC0kGso6Fa+FyNIeAKipWY:1u0c++OCvkGs9Fa+FyKwLY

  Score

  10^/10

  vipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2