Behavioral task: behavioral1
Sample: 1180-9-0x0000000140000000-0x0000000140046000-memory.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 1180-9-0x0000000140000000-0x0000000140046000-memory.exe
Resource: win10v2004-20240802-en
General
Target: 1180-9-0x0000000140000000-0x0000000140046000-memory.dmp
Size: 280KB
MD5: aea14c7c90670e4e52382457b1790280
SHA1: c1389340b9bf95d49514aa8ca8bcfbd21e1fce77
SHA256: 96900faf2171d476767e27dbcbdbde836e3daad446aec953770eb8f15cbbeb19
SHA512: 9cc3db5fdebd1a77971d76041b87070efd1918ac043749fc700a2f6e2aa4326a8c9e882c5ee2cc3833381aeaae22f4cc3c6bc74151320cdee87595596b8a7e90
SSDEEP: 3072:STsDJ/xMyGYPUXqa7pGhXuFJvUi79IUxH3jyYbvwsonhmUYTVg4i8pbY:VXUdDbp1b
Malware Config
Extracted
vipkeylogger
Protocol: smtp
Host: smtp.ingermint.com
Port: 587
Username: [email protected]
Password: yhMgQqK2
Email To: [email protected]
Signatures
Vipkeylogger family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 1180-9-0x0000000140000000-0x0000000140046000-memory.dmp
Files
1180-9-0x0000000140000000-0x0000000140046000-memory.dmp.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 262KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ