Extracted

• • Target

    PI-52-2025.exe

  • Size

    1.0MB

  • MD5

    8aed9b5244d017df5e006b51f1be3a62

  • SHA1

    282a0f5b317dd0b69ada0724fd2a62966dc6cfc0

  • SHA256

    af5e834d991974e9fefb6fd302023242b289f01fb82f8961182540d4c6b9786d

  • SHA512

    912a5d2fc2fa2551dfa77bd54f8024a298d5cd19582f725cbc45d511cc1f51841de6539f5502530258b0a950d92f457b7fe6742d99aa09cac771bc22dae53183

  • SSDEEP

    24576:2m7baljV3sk5X5sZLlF9wT2y1A5vy+hsPB4Uq:PwV3s4JsZLlSJe5rhwfq

  Score

  10^/10

  discoveryvipkeyloggercollectionkeyloggerstealer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2