Extracted

• • Target

    BBV.exe

  • Size

    746KB

  • MD5

    ff44cffdcaecb4c6193eb693e237a831

  • SHA1

    c520d27c72614228a1a807c032dd575b84a5ab23

  • SHA256

    038677a185ea0f86acc0ebdc57c493a7062638ea3856d2175e28e3cc28be271f

  • SHA512

    a4d0a2505e53269fe3d01ef119311a77fb3150cbab38911ad2bd762b5733d819c035776fd6ffa7b5f8332bd3d44659f50a761271b70659bfa2d94d91dbb9a9e2

  • SSDEEP

    12288:9iQiKaxnTjFAjWqvvNzbAgchsWCNCWagVgA2knUkbo0ln4v7cmlTJ3gB4grn8kR:IQid/FA1NzUgchRCvSddgoGnG7ZTmmgP

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2