Behavioral task: behavioral1
Sample: 2756-12-0x0000000000400000-0x0000000000448000-memory.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2756-12-0x0000000000400000-0x0000000000448000-memory.exe
Resource: win10v2004-20241007-en
General
Target: 2756-12-0x0000000000400000-0x0000000000448000-memory.dmp
Size: 288KB
MD5: bddef14774188d1dd1b7247e49741f2d
SHA1: c627fcd2b12a621b9813bcaa352308fd702e6ffe
SHA256: 403730d4848a927bc7529fb51346c4116b9a9c8dce3ef95259a99f7cc6a72d49
SHA512: c85ba70801c5a9f319751c5c2576e81625664450604f71608a977dd463cc0d00fdbd9caa46dc2948c52bab08bddba1d5f2b893035e390986676b7399fbe4623c
SSDEEP: 3072:Bi8zGzAslTKWaa0gL+PXswk4bSlVHn2TV9rGwbf6SUmiLLYABg4ivbbY:oyTJbImb
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot6544305483:AAE8KbOE8VYVdSrRAygbZ55ITZf4MUbOGgo/sendMessage?chat_id=6032544584
Signatures
Vipkeylogger family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 2756-12-0x0000000000400000-0x0000000000448000-memory.dmp
Files
2756-12-0x0000000000400000-0x0000000000448000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ