vipkeylogger | C0R99012T83633196[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

C0R99012T83633196.eml
Size

205KB
MD5

82c89feeafba2f9d1681198ac3888e3a
SHA1

92f40d5d596f7de2579153be44661686cb539a38
SHA256

eac9eb05b0d84224119fb275b0e87a79a3df635ff2beff4e18014fb0b48dc512
SHA512

1481864a7403891c3fb8ac959fbf4eca0ea1e65f98c8407b33121a354b30673dac2ddd444f31f581e4a5ed37403a3ead6b56602d23f2831a9e7349d6efa5c344
SSDEEP

3072:neusqIqgDr9Bgt9u2a5ol9nY+42m52GbVF97H6k2o:nJIqg1Bgt95vHnYlAGbVN

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.ghostfilesuccess.com.ng
Port:
587
Username:
[email protected]
Password:
binAmen2024$#
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/FedEx AWB 000263577955.exe

Files

C0R99012T83633196.eml
.eml
- https://www.fedex.com/content/dam/fedex/
FedEx AWB 000263577955.zip
.zip
FedEx AWB 000263577955.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOSX/._FedEx AWB 000263577955.exe
FedEx.jpg
.jpg
email-html-2.txt
.html
email-plain-1.txt