Extracted

Extracted

• • Target

    bEXN0tpyU41jdD0.exe

  • Size

    864KB

  • MD5

    25b7cb7a62555ef3aaa7ecae00c8decd

  • SHA1

    a2421f5e2ae3aa20b8d11fc3076cea2400c68299

  • SHA256

    867af082ab5f5e7468aab5bca97063c60877f44c2d39c0ad02f1a1e721c92260

  • SHA512

    c7c7eeed71df83807cf9d584ee913e4661ccd7d921139a381ce4c17479420683f5ece7aa37b618d4162f39bde11c3bb2bf44fe906e9794f7d3ae0faa6c119f1b

  • SSDEEP

    24576:pg5n6cf13/iyC9LDY9uAKwOy39S741VxsUYI2f:pgB6KRCxDitSiYIU

  Score

  10^/10

  vipkeyloggercollectiondiscoveryexecutionkeyloggerstealer

  • VIPKeylogger

    VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.

    stealerkeyloggervipkeylogger

  • Vipkeylogger family

    vipkeylogger

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2