Extracted

Extracted

• • Target

    b5Tu0LaQfn6bnAD.exe

  • Size

    790KB

  • MD5

    5220a44989c88e4d1a573ecaea24056a

  • SHA1

    b5ae001ca25a3ee449d2103fdca87b81d3c67f88

  • SHA256

    ab68d4e831745aa5364ad14203a0a9669a5362913b09263eb4e06681f62007c5

  • SHA512

    f174ff257e076474cbb270bf4933d9fbe93fb75e862fad98bffb12c576ff11a9860df7ecc702f910a288d23d96b9e0f0a3e1e8992b07979cd50b284f96d16f55

  • SSDEEP

    24576:YP9fy9U2kn2Uv6XQbzET5RrNfxi3SLX26s2ZAXtJb:Ylfy9U527XQbgVFyA6t

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2