General

  • Target

    2756-12-0x0000000000400000-0x0000000000448000-memory.dmp

  • Size

    288KB

  • MD5

    bddef14774188d1dd1b7247e49741f2d

  • SHA1

    c627fcd2b12a621b9813bcaa352308fd702e6ffe

  • SHA256

    403730d4848a927bc7529fb51346c4116b9a9c8dce3ef95259a99f7cc6a72d49

  • SHA512

    c85ba70801c5a9f319751c5c2576e81625664450604f71608a977dd463cc0d00fdbd9caa46dc2948c52bab08bddba1d5f2b893035e390986676b7399fbe4623c

  • SSDEEP

    3072:Bi8zGzAslTKWaa0gL+PXswk4bSlVHn2TV9rGwbf6SUmiLLYABg4ivbbY:oyTJbImb

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot6544305483:AAE8KbOE8VYVdSrRAygbZ55ITZf4MUbOGgo/sendMessage?chat_id=6032544584

Signatures

  • Vipkeylogger family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2756-12-0x0000000000400000-0x0000000000448000-memory.dmp
    .exe windows:4 windows x86 arch:x86

