General

  • Target

    DHL_invoiceslastshipment.exe

  • Size

    1.3MB

  • Sample

    250227-habgcazl19

  • MD5

    e6bf51018ff9512dfd37edfa4ffe12d5

  • SHA1

    19866467d4061595201fed1d2de2452a2c92264f

  • SHA256

    20ae7450fb646bc6d7852d6d53a00a2cf86d49f1ca6211053d8696b4df4ca090

  • SHA512

    ed7a9a29f9823b71cac3c635d294299bcd2d6bdffbdba0598926fb04d8bf0d18bc92866f82aa3817db20776e8275c6c18335c8b655d8d436b10ae979c4472bee

  • SSDEEP

    24576:90wNfB8px5oC+ypZxvIcjEliQTFByXs1FjaI51p8nTh72KOVz0bL:Kw/A4yHOVNT2qGI51eTMKOp0bL

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8058385817:AAF7Cc9ICa25toZm3W4POhXQcRjBGdE8XIc/sendMessage?chat_id=7651456741
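The C2 above is not a server the attacker owns but a Telegram Bot API call: everything before `/sendMessage` is the bot token (`<bot_id>:<secret>`), and `chat_id` is the attacker's receiving chat. The following Python is an added example, not part of the sandbox report, that splits such a URL into those pieces and hunts for the same pattern in free text such as proxy logs. The token alphabet and length in the regex, and the constructed log lines, are assumptions made for the example; the report only supplies the one URL.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as extracted in the report's Malware Config section.
REPORT_C2 = ("https://api.telegram.org/bot8058385817:AAF7Cc9ICa25toZm3W4POhXQcRjBGdE8XIc"
             "/sendMessage?chat_id=7651456741")

# Telegram Bot API calls look like https://api.telegram.org/bot<bot_id>:<secret>/<method>.
# The secret alphabet/length below is an assumption from commonly observed tokens, not a spec.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,45})/(?P<method>[A-Za-z]+)"
    r"(?P<query>\?[^\s'\"<>]*)?"
)


def parse_telegram_c2(url: str) -> Optional[dict]:
    """Split a Telegram bot C2 URL into the pieces worth tracking as IOCs.

    Returns None if the string is not a Telegram Bot API call.
    """
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(0)).query)
    return {
        "bot_id": m["bot_id"],                        # stable across token rotations, good hunt key
        "token": f"{m['bot_id']}:{m['secret']}",      # full bot token = bot_id ":" secret
        "method": m["method"],                        # sendMessage, sendDocument, getUpdates, ...
        "chat_id": query.get("chat_id", [None])[0],   # attacker's receiving chat, if present
    }


def find_telegram_c2(lines):
    """Scan free text (proxy/web logs, strings output) for Telegram Bot API calls."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in TELEGRAM_BOT_RE.finditer(line):
            hits.append({"line": n, **parse_telegram_c2(m.group(0))})
    return hits


# Constructed proxy log lines for demonstration (not from the report or any real system).
SAMPLE_LOG = [
    "2025-02-27T10:01:02Z 10.0.0.5 GET https://www.dhl.com/ 200",
    f"2025-02-27T10:01:09Z 10.0.0.5 POST {REPORT_C2} 200",
    "2025-02-27T10:02:11Z 10.0.0.7 GET https://web.telegram.org/k/ 200",   # web client, not the bot API
    "2025-02-27T10:03:30Z 10.0.0.9 GET https://api.telegram.org/bot1234567890:"
    "AAexampleexampleexampleexampleexam/getUpdates 200",
]

if __name__ == "__main__":
    for hit in find_telegram_c2(SAMPLE_LOG):
        print(hit)
```

Do not request the extracted URL from analysis infrastructure: `sendMessage` delivers to the attacker's `chat_id`, so a test fetch tells them the sample is being looked at. Hunt on the `bot_id` (and the full token) in egress logs instead; traffic to `api.telegram.org` itself is common and not a useful indicator on its own.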

Targets

    • Target

      DHL_invoiceslastshipment.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It resembles SnakeKeylogger, which was first seen in 2020.

    • Vipkeylogger family

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
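Three of the behaviours above (Startup-folder drop, Outlook profile access, external-IP lookup) are individually noisy but together are a reasonable host-side detection for this family. The Python below is an added example, not code from the sandbox vendor or the report, that evaluates those three signatures over a small set of constructed telemetry records and only flags a process that trips more than one. The `Event` shape, the registry paths for Outlook profiles, the list of IP-lookup hostnames (the report does not say which service the sample used) and the sample records are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    """One telemetry record. Mapping fields from a real source (EDR, sandbox API trace) is the reader's job.

    Note: Sysmon logs registry key creation and value writes, not reads, so "reg_access" needs a
    source that records reads.
    """
    kind: str     # "file_create", "reg_access" or "dns_query"
    image: str    # process that performed the action
    target: str   # created path, registry key, or queried hostname


# Report signature "Drops startup file": anything written under the per-user Startup folder.
STARTUP_DIR_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)

# Report signature "Accesses Microsoft Outlook profiles": the two profile key locations (assumed).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)"
    r"\\Profiles\\", re.I)

# Report signature "Looks up external IP address via web service": assumed list of legitimate services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}

RULES: Dict[str, Callable[[Event], bool]] = {
    "drops_startup_file": lambda e: e.kind == "file_create" and bool(STARTUP_DIR_RE.search(e.target)),
    "accesses_outlook_profiles": lambda e: e.kind == "reg_access" and bool(OUTLOOK_PROFILE_RE.search(e.target)),
    "looks_up_external_ip": lambda e: e.kind == "dns_query" and e.target.lower() in IP_LOOKUP_HOSTS,
}


def evaluate(events: List[Event]) -> Dict[str, Dict[str, List[Event]]]:
    """Group rule hits by process image: {image: {rule_name: [matching events]}}."""
    hits: Dict[str, Dict[str, List[Event]]] = {}
    for ev in events:
        for name, pred in RULES.items():
            if pred(ev):
                hits.setdefault(ev.image, {}).setdefault(name, []).append(ev)
    return hits


def suspects(events: List[Event], min_rules: int = 2) -> List[str]:
    """Images tripping at least min_rules distinct rules.

    Any single rule alone is noisy (Outlook reads its own profiles, installers write to Startup);
    the combination within one process is what matches the report's behaviour set.
    """
    return sorted(img for img, rules in evaluate(events).items() if len(rules) >= min_rules)


# Constructed telemetry (not from the report): the sample's path plus benign look-alikes.
MALWARE = r"C:\Users\victim\Downloads\DHL_invoiceslastshipment.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
EXPLORER = r"C:\Windows\explorer.exe"
PROFILE_KEY = r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"
STARTUP = r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    Event("reg_access", OUTLOOK, PROFILE_KEY),                 # Outlook reading its own profile: benign
    Event("file_create", EXPLORER, STARTUP + r"\notes.lnk"),   # user pinned a shortcut: benign
    Event("file_create", MALWARE, STARTUP + r"\update.vbs"),   # constructed dropped file name
    Event("reg_access", MALWARE, PROFILE_KEY),
    Event("dns_query", MALWARE, "checkip.dyndns.org"),
    Event("dns_query", EXPLORER, "www.dhl.com"),
]

if __name__ == "__main__":
    for image, rules in evaluate(SAMPLE_EVENTS).items():
        print(image, sorted(rules))
    print("suspects:", suspects(SAMPLE_EVENTS))
```

The `SetThreadContext` / `NtCreateUserProcess` signatures are left out deliberately: they point at process injection and are better expressed as EDR or sandbox API-trace rules than as path-matching over file, registry and DNS telemetry.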

MITRE ATT&CK Enterprise v15

Tasks