vipkeylogger | 4220-89-0x0000000000C00000-0x0000000000C48000-memory[.]dmp | Triage

Sharing

General

Target

4220-89-0x0000000000C00000-0x0000000000C48000-memory.dmp
Size

288KB
MD5

dc7cf5d935f60272708c486152fe54b0
SHA1

f01beb664290441a170a4f5a3c5649b9ad3ed951
SHA256

751d519bc265cf5fe062d960014239dae7e85f010d2caf0e3dc9e6348750a792
SHA512

bba0cffdadb6042c14d5b89f180abd48191449193b9acf6aa40b7bcc2132d1c1ff34f2ea0616add9d2749470ce9989d0d7b5e735202f0ebf9347d5c4b233de05
SSDEEP

3072:R22TjoN+4xwZZWZAy1MXmiwIipGV7wa7rpHuBjf+ibfksJ2s0uXYTVgHi6bbY:Pwa7rojf+ibFJ1lb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.inmogomar.com
Port:
587
Username:
[email protected]
Password:
Gomar-19600
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4220-89-0x0000000000C00000-0x0000000000C48000-memory.dmp

Files

4220-89-0x0000000000C00000-0x0000000000C48000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ