vipkeylogger | 2560-14-0x0000000000090000-0x00000000000D8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2560-14-0x0000000000090000-0x00000000000D8000-memory.dmp
Size

288KB
MD5

cd9b8a6489c55a88ecdf002c3731c17c
SHA1

7e91fca27acf825a42177c712f0a6eb6763de2fa
SHA256

40e5146365fd9db2c14b8b97890a9dd06222561ce567732ddaf3d0ada2921ea4
SHA512

8eca1ded3b3222b3216413138f5ac36bdedbe7f6b5d4db9bf23db019a95f67956f2f6f401403d0ccefebf672f12eeb23ed2ff35e9795d941f295898fb4ba1150
SSDEEP

3072:7WzITA/lFORPHfmor/X/agkfIF4ASLVt+aPWXQ2bIwFTsoXUY/Vg4iKbbY:iJA34f2bhRRb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
Password: D4v_8+edvC?l. .
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2560-14-0x0000000000090000-0x00000000000D8000-memory.dmp

Files

2560-14-0x0000000000090000-0x00000000000D8000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ