General

  • Target

    1736-41-0x0000000000F20000-0x0000000000F62000-memory.dmp

  • Size

    264KB

  • MD5

    9a6738bfb3c0a57b171c5acec9075e2c

  • SHA1

    4dd8c1b8fa848149f0fb609945a50a330365c6e5

  • SHA256

    d6fdb5cd10b292e58f7cddd55bed647553dc2a26eb10ce81b2adbc4d1d49c1af

  • SHA512

    3915bcaa94ed0ad24a98eb0b2893fbafcac7cad7e1d6a2ec88b72ea943345acbc664fe5860299bb784ae55337a328dcf99843f9a313503c193845fd161fa6960

  • SSDEEP

    3072:0OpJzmaDJv3g9kGAbwJv4dXcoDfzsBHz6vt4Dby432sjpZYTVgawbbY:0k9VzsMVybZ3bHb

Malware Config

Extracted

Family

vipkeylogger

Credentials
C2

https://api.telegram.org/bot7279152827:AAG-WZ02OUAib28bSfyl1nfxZXIa0IdG1b4/sendMessage?chat_id=5913849875

Signatures

  • Vipkeylogger family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1736-41-0x0000000000F20000-0x0000000000F62000-memory.dmp
    .exe windows:4 windows x86 arch:x86

