vipkeylogger | 1092-18-0x0000000000400000-0x000000000044A000-memory[.]dmp | Triage

Sharing

General

Target

1092-18-0x0000000000400000-0x000000000044A000-memory.dmp
Size

296KB
MD5

d89008aea6409ed4846cb54cb57f2eff
SHA1

aa8d0305d187296fb1306549246be0966907181e
SHA256

c867c184f63c85955c909820b28d7b5d05e656a10c9ddf5f280a4d91a298e09e
SHA512

536f43d9c8a6a3f78f3285eef2fb8cb65b74ca7abd86cea6cae6c415ee54b5360227136d2bb5a26e3010de0cb78ca1feefba8fdb670b071d725d63ed938005c0
SSDEEP

3072:ybQzJLCLuwO9Dbn+O7+TXPwG+ln9leNPJhhHJzVlJwbfZssoUUYTVgliZbbY:9G3NPJd+b/hb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
secure.greatmail.com
Port:
587
Username:
[email protected]
Password:
Anniebooboo4!
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1092-18-0x0000000000400000-0x000000000044A000-memory.dmp

Files

1092-18-0x0000000000400000-0x000000000044A000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ