General

  • Target

    2788-42-0x0000000000A40000-0x0000000000A88000-memory.dmp

  • Size

    288KB

  • MD5

    4623a8dbc01d646d3d2efa8c5c318e50

  • SHA1

    43aa644ecec36fb063ed950e74e47d54b9ec2556

  • SHA256

    c0e87b033c62ab6a8d007e8354b2e7feb08e0bf2f9430164d0e4df88f3a23aee

  • SHA512

    a3ae99b42376c18672ea9319370d6a94a9b30ff833d4679b111df79a5c227045c1efd5df2ab7fe73705c35fda6a91b6e2aae85bb80f705ddbdf7cc88a5529b9c

  • SSDEEP

    3072:PiZ9iDVnQeTfJBTbo79XXvZ+uN34h5OyTicKXe1Jnub2nfDmiLXY/KBg4iPbbY:tr4MK2nub2NIb

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot7315318214:AAHbW_8qzp1k_NeIC5gT45-OC58Jt1N6o4Y/sendMessage?chat_id=5080229442

Signatures

  • Vipkeylogger family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2788-42-0x0000000000A40000-0x0000000000A88000-memory.dmp
    .exe windows:4 windows x86 arch:x86

