Behavioral task: behavioral1
Sample: 1768-9-0x0000000140000000-0x0000000140046000-memory.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 1768-9-0x0000000140000000-0x0000000140046000-memory.exe
Resource: win10v2004-20241007-en
General
Target: 1768-9-0x0000000140000000-0x0000000140046000-memory.dmp
Size: 280KB
MD5: 7de12ad46da2755e668743c9079d97e9
SHA1: 70b33e1fa6e8f4dc3b9dc3dacfc3c74930f6d283
SHA256: ca203919da287e1b4103c1ffa9e1f8bbb5d8fafb79ca820933552eb3fbf6045c
SHA512: 9136a4c0efb686ffb4489fe0eaeabfa15933337116704931e007bd05e985b48461d1dde1d0f2c5e784aeb007e4eb83cfea0c1c800cb9e9f867fb3466da8990a6
SSDEEP: 3072:wqAMYuUphF6EvHIY1nR5XFfMvxwkzPpH4RYib4dkJmiLBYTKBg4iwpbY:jFPCb8qhb
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7470097193:AAH7g9zj8FQx12YOFkn9mZO_1-BTN4b6gKo/sendMessage?chat_id=6155920142
Signatures
Vipkeylogger family
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  Processes:
    resource 1768-9-0x0000000140000000-0x0000000140046000-memory.dmp
Files
1768-9-0x0000000140000000-0x0000000140046000-memory.dmp.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 263KB - Virtual size: 262KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ