General

  • Target

    1768-9-0x0000000140000000-0x0000000140046000-memory.dmp

  • Size

    280KB

  • MD5

    7de12ad46da2755e668743c9079d97e9

  • SHA1

    70b33e1fa6e8f4dc3b9dc3dacfc3c74930f6d283

  • SHA256

    ca203919da287e1b4103c1ffa9e1f8bbb5d8fafb79ca820933552eb3fbf6045c

  • SHA512

    9136a4c0efb686ffb4489fe0eaeabfa15933337116704931e007bd05e985b48461d1dde1d0f2c5e784aeb007e4eb83cfea0c1c800cb9e9f867fb3466da8990a6

  • SSDEEP

    3072:wqAMYuUphF6EvHIY1nR5XFfMvxwkzPpH4RYib4dkJmiLBYTKBg4iwpbY:jFPCb8qhb

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7470097193:AAH7g9zj8FQx12YOFkn9mZO_1-BTN4b6gKo/sendMessage?chat_id=6155920142

Signatures

  • Vipkeylogger family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1768-9-0x0000000140000000-0x0000000140046000-memory.dmp
    .exe windows:4 windows x64 arch:x64

