General

  • Target

    pago-568092-566534.exe

  • Size

    806KB

  • Sample

    250414-sws9dszlz8

  • MD5

    ee9064c9429ce71f8840108fd27efcde

  • SHA1

    20307672fd0b0f40ad0e6d035445b395578abfae

  • SHA256

    88287f70307150fc1f469bf08e49dee581cdce1900dcf477a08d010e90fef57d

  • SHA512

    fef7fa31a45dfd22ea2bac537f6f97373688698e1d1c7601cbe5e6646def952eb5f5f90302e127c87ce0aaa152f8700c312dc2ca859b329d8d49a4824c145f0d

  • SSDEEP

    24576:7fYuPz30Oo2mDqFscQFAEIoOf7JGpbtg2:jPokeAE9OzUrg2

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7503700665:AAGL8MMCdDcG7tz-eC9bATTNxcDJaBzKQqA/sendMessage?chat_id=7618581100
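The extracted C2 is not a server the operator controls but a Telegram Bot API call: the path segment after `bot` is the bot token (numeric bot id, a colon, then the secret), and `chat_id` is the channel the stolen data lands in. The token is a live credential for that bot, so the safe indicator to circulate is the bot id and chat id, not the full URL. The following is an added example, not code from the sandbox or from the malware, that splits such a URL into its components and runs the check over a constructed proxy log (the log lines, hostnames and the `known-c2` labelling are assumptions; only the URL itself comes from the report).

```python
import re
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API call shape (documented by Telegram):
#   https://api.telegram.org/bot<token>/<method>?chat_id=<chat_id>&...
# where <token> is "<bot_id>:<secret>".  The token is the bot's credential,
# so the numeric bot_id alone is the part that is safe to share.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# Bot API methods a stealer uses to push captured data to the operator.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into indicator components.

    Returns None when the URL is not a Bot API call (for example the
    web.telegram.org client, which is ordinary user traffic)."""
    m = TELEGRAM_BOT_RE.search(url)
    if m is None:
        return None
    query = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m.group("bot_id"),
        "bot_token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
        "exfil": m.group("method") in EXFIL_METHODS,
    }


def redact(ioc):
    """Indicator string safe for a report or a blocklist: keeps bot_id,
    method and chat_id, drops the secret half of the token."""
    return f"api.telegram.org/bot{ioc['bot_id']}:<redacted>/{ioc['method']} chat_id={ioc['chat_id']}"


# Constructed proxy log (not from the sandbox run).  Columns:
# timestamp client http_method url status.  Lines 1-2 reuse the C2 URL
# extracted from the sample; lines 3-4 are benign filler.
SAMPLE_PROXY_LOG = """\
2025-04-14T10:02:11Z 10.0.0.21 GET https://api.telegram.org/bot7503700665:AAGL8MMCdDcG7tz-eC9bATTNxcDJaBzKQqA/sendMessage?chat_id=7618581100 200
2025-04-14T10:02:12Z 10.0.0.21 POST https://api.telegram.org/bot7503700665:AAGL8MMCdDcG7tz-eC9bATTNxcDJaBzKQqA/sendDocument?chat_id=7618581100 200
2025-04-14T10:03:40Z 10.0.0.35 GET https://www.microsoft.com/en-us/ 200
2025-04-14T10:04:02Z 10.0.0.35 GET https://web.telegram.org/ 200
"""


def scan_proxy_log(text, known_bot_ids=()):
    """Return one hit per log line that calls the Telegram Bot API.

    verdict is 'known-c2' when the bot_id matches an indicator from a
    report like this one, otherwise 'bot-api': any Bot API traffic from a
    host that has no business running a Telegram bot deserves a look."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, http_method, url, status = parts[:5]
        ioc = parse_telegram_c2(url)
        if ioc is None:
            continue
        verdict = "known-c2" if ioc["bot_id"] in known_bot_ids else "bot-api"
        hits.append({"ts": ts, "client": client, "http_method": http_method,
                     "status": status, "verdict": verdict, **ioc})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, known_bot_ids={"7503700665"}):
        print(hit["ts"], hit["client"], hit["verdict"], redact(hit))
```

Two practical cautions. First, the token authenticates to the attacker's bot: calling `getMe` or `getUpdates` with it from an attributable network both touches the adversary's infrastructure and can tip them off, so do not "verify" the indicator by browsing to the URL. Second, because api.telegram.org is legitimate, TLS-terminated traffic to it looks like any other HTTPS session; the URL path is only visible at a proxy that inspects it or on the host, which is why the match above is written against proxy logs rather than DNS.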

Targets

    • Target

      pago-568092-566534.exe

    • Size

      806KB

    • MD5

      ee9064c9429ce71f8840108fd27efcde

    • SHA1

      20307672fd0b0f40ad0e6d035445b395578abfae

    • SHA256

      88287f70307150fc1f469bf08e49dee581cdce1900dcf477a08d010e90fef57d

    • SHA512

      fef7fa31a45dfd22ea2bac537f6f97373688698e1d1c7601cbe5e6646def952eb5f5f90302e127c87ce0aaa152f8700c312dc2ca859b329d8d49a4824c145f0d

    • SSDEEP

      24576:7fYuPz30Oo2mDqFscQFAEIoOf7JGpbtg2:jPokeAE9OzUrg2

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#. It closely resembles SnakeKeylogger, a family first observed in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Undvrligst130.Gul

    • Size

      54KB

    • MD5

      63d3e9e12462b3b7ad4ca8835d3d08bd

    • SHA1

      d9aa8a0fad0c4c9eeb030e4da83b37aae9ae132b

    • SHA256

      1c739a595448826a25d50af246010dbb70fd6a78c5af3316509ff2073e5cad2c

    • SHA512

      8e5e65554e94703b893dcbc210d4d5c0949059eeb0a0e41ec3b16ffc746d5571b74d102c68c286670a2523447c1f9c2cb1a47c3088865bfe9752d744a9578274

    • SSDEEP

      1536:NVi4bqCaM+oZ8nqA3w4mmzuI3gBxNFBD1ed:7izpoZ+5m1CgBDFBD1ed

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
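Active Setup (ATT&CK T1547.014) works by listing components under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}; at each interactive logon Windows runs a component's StubPath for that user if IsInstalled is not 0 and the matching HKCU key is missing or carries a lower Version. A dropper that writes its own GUID there gets executed on every new logon. The report does not give the key or GUID this sample used, so the following added example (not the sandbox's code) parses a constructed `reg export` dump of that hive path and flags StubPath executables living in user-writable directories; the GUIDs and paths in the dump are placeholders, and the first entry is only shaped like the stock Windows "Desktop Update" component.

```python
import re

# Constructed .reg export (not from the sandbox run).  The first component is
# shaped like the stock Windows "Desktop Update" entry; the other two model a
# StubPath planted in user-writable locations.  GUIDs are placeholders.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Windows Desktop Update"
"StubPath"="regsvr32.exe /n /s /i:U shell32.dll"
"Version"="11,0,0,0"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0F1E2D3C-4B5A-6978-8A9B-0C1D2E3F4A5B}]
"StubPath"="\"C:\\Users\\Public\\Libraries\\svc.exe\" /silent"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1A2B3C4D-5E6F-7081-92A3-B4C5D6E7F809}]
"StubPath"="C:\\Windows\\Temp\\upd.exe"
"IsInstalled"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)+)"|(?P<default>@))=(?P<data>.*)$')

# Both the native and the WOW6432Node view are consulted at logon.
ACTIVE_SETUP_PREFIXES = (
    "hkey_local_machine\\software\\microsoft\\active setup\\installed components\\",
    "hkey_local_machine\\software\\wow6432node\\microsoft\\active setup\\installed components\\",
)
# Locations an unprivileged process can write to; a StubPath here is a red flag.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
                 "%appdata%", "%localappdata%", "%temp%", "%public%", "%userprofile%")


def _decode_data(raw):
    """Decode a .reg value: quoted strings (with \\ and \" escapes) and dwords."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex(...) blobs and other types are left as exported


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for a 'reg export' style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            keys[current][name] = _decode_data(m.group("data"))
    return keys


def _stub_executable(stub):
    """First token of a StubPath command line, honouring a quoted path."""
    stub = stub.strip()
    if stub.startswith('"'):
        end = stub.find('"', 1)
        return stub[1:end] if end > 0 else stub[1:]
    return stub.split()[0] if stub else ""


def find_active_setup_stubs(keys):
    """One finding per Active Setup component that carries a StubPath.

    will_run_at_logon models the IsInstalled gate only (absent == 1);
    the per-user HKCU Version comparison needs the user hive and is not
    modelled on this HKLM-only dump."""
    findings = []
    for key, values in keys.items():
        if not key.lower().startswith(ACTIVE_SETUP_PREFIXES):
            continue
        stub = values.get("StubPath")
        if not stub:
            continue
        exe = _stub_executable(stub)
        findings.append({
            "component": key.rsplit("\\", 1)[1],
            "stub_path": stub,
            "executable": exe,
            "will_run_at_logon": values.get("IsInstalled", 1) != 0,
            "suspicious": exe.lower().startswith(USER_WRITABLE),
        })
    return findings


if __name__ == "__main__":
    for f in find_active_setup_stubs(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f["component"], f["executable"], "SUSPICIOUS" if f["suspicious"] else "ok")
```

The user-writable heuristic is deliberately narrow: a bare executable name such as `regsvr32.exe` resolves through the system path and is treated as benign here, even though a legitimate binary can still be abused through its arguments (`/i:` payloads, for instance), so any component whose GUID is unknown to you still merits a manual look. On a live host the same triage is a one-liner with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg` fed into `parse_reg_export`.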

MITRE ATT&CK Enterprise v16

Tasks