Extracted

Extracted

• • Target

    PAYMENT COPY.exe

  • Size

    787KB

  • MD5

    0fa481ebef3dcbe0c1aae46cf0105e03

  • SHA1

    4612f458edb2cbc0e836fe1eba79500395fb3de3

  • SHA256

    e2469d8d6f5c746d3932e54527648b6f4db1a94ec8dd4515695f421fc4c8b1a9

  • SHA512

    07d2fdeec725b2b34e25249c025b46631b895c290799b992716bbfc03dd4d0f1af2448b0203b1a0287e0d2ce6f1101ea3d09d8554702bf2b5d0ab6daf35feaea

  • SSDEEP

    12288:CZWbA3grjrTbZVyLJW4aJ0RqUTQhb3809D2RiDFzgaH1aAJMvYL6IelDQWwkDWBp:CZUbjrB6EJbMYraAuvode

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2