vipkeylogger | 4572-87-0x0000000000E80000-0x0000000000EC2000-memory[.]dmp | Triage

Sharing

General

Target

4572-87-0x0000000000E80000-0x0000000000EC2000-memory.dmp
Size

264KB
MD5

a20fafe1d63dc410ed819e55938c0f67
SHA1

2f074d68ff76641b5c1dac044b7e403b20ae4ebc
SHA256

a00cf439409e14d4da7f6f2f180beab081e7202aa3e374971089725b082de05c
SHA512

433f836ec1ac8a3289308e47d1021c1aa45fbb48fcc45169f18c02ab50f0ac8d0af9c808a4cc83d98cf458622c61b1daa2ae20cad193eed4e6b39262f04488c9
SSDEEP

3072:OIWTDJDipx1Wc3kKKbDDXb7vrrtJ1o2LwsCbydJWs00ZYTVgSKfbbY:4rJLxCb2Pb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.turktav.com
Port:
587
Username:
[email protected]
Password:
)d!s~MV@X;!M
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4572-87-0x0000000000E80000-0x0000000000EC2000-memory.dmp

Files

4572-87-0x0000000000E80000-0x0000000000EC2000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ