Extracted

• • Target

    e-dekont_html.exe

  • Size

    751KB

  • MD5

    f7ff8dfb747288afcf93d2fb684bda69

  • SHA1

    10b18972da7d8972712f98483fbe99139b3cb0cd

  • SHA256

    15129e8c98976b6364fcf04b6767140dfec8152a5c7b3554178ac9f75f0e6c8c

  • SHA512

    231f8c7b52d0d059ecaaad88b2b77cefbba5edde3284ea0b9ac3d63a7406660af017409f218d67397c6eff4faf784e82cffc4b9020ca1303f005b347016882c3

  • SSDEEP

    12288:BdjJYyOn6nzxl1cbs2KWG2hY6uIJXpABu+vuemkeJQGLBdXwwupjIcDx:JY9n6nvEstOhY7IJXqRXU7tdXz

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2