Behavioral task
behavioral1
Sample
4600-1134-0x0000000000400000-0x0000000000448000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4600-1134-0x0000000000400000-0x0000000000448000-memory.exe
Resource
win10v2004-20240802-en
General
-
Target
4600-1134-0x0000000000400000-0x0000000000448000-memory.dmp
-
Size
288KB
-
MD5
e1d2f5446701e5ead4bd22f353732ce1
-
SHA1
78972044f37f32289827b505e17f3089c8bc3037
-
SHA256
58b45b8947918061edb4f8ed1002d7bd7753d8cbae93b8cae55e5510ff314989
-
SHA512
e4094d14c7e1be41f6c4422da7a7b919091449180fd5c1fdadba4319adb8e26d8a9e8700d613889e7335c324d906418d86b61f8fbd4bf7f3caa7ca2dd00f6348
-
SSDEEP
3072:5Cg1A5bl2tZVA4FzxX+ns4/3cBXLuSLFJU10dKQnVb2QfDs0xZY/Vgai/bbY:OQLuLy1nVb2kdb
Malware Config
Extracted
vipkeylogger
Protocol: smtp- Host:
mail.leedelectronics.top - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@@ - Email To:
[email protected]
Signatures
-
Vipkeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 4600-1134-0x0000000000400000-0x0000000000448000-memory.dmp
Files
-
4600-1134-0x0000000000400000-0x0000000000448000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 262KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ