Extracted

• • Target

    inquiry0950.js

  • Size

    1.3MB

  • MD5

    410a3c00c23b4af500311ae954d7fae5

  • SHA1

    44b996b2040ddc20f1cf07c7e070514f856b02c9

  • SHA256

    c3aa4900a10fcf72db0cce3754e4cb44617229442f01ed0caf18c159ceea7e57

  • SHA512

    589b6805ca596f85c3cf5ef2365996ae9102ad8460cfd9fc6068df8284e1044002cbf8aa27e327d850f33472f951089d4e8ce43bd5acb0c3a6ff6f31ad9341ce

  • SSDEEP

    192:To1o1o1o1o1o1o1o1o1o1go1o1o1o1o1o1o1o1o1o1go1o1o1o1o1o1o1o1o1o1L:VplQBOr

  Score

  10^/10

  executionvipkeyloggercollectiondiscoverykeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2