vipkeylogger | 2596-30-0x0000000000400000-0x0000000000448000-memory[.]dmp | Triage

Sharing

General

Target

2596-30-0x0000000000400000-0x0000000000448000-memory.dmp
Size

288KB
MD5

5f0ba0edb4a20907bd7f23308b450e60
SHA1

3217be6c70ebbc5e66d4153a9ee797bf25a07a15
SHA256

741a141fb1be4c165169f7e0f808065d2310277b7b7ac11156096e557b08fdb0
SHA512

2325dcf9f9299ea575cf8e828ab0298e3d6ceda1ad019d99de411d67788e47ce24d6a732ba147bd060f4cf1a95473736143da06774e31cd91bbb2d4c6751d8f0
SSDEEP

3072:LmOzLtdmQiLY5xB46i0Xb0RmrmRe1LIpHut5O50zQJBbfU2GJlos0YXYTVgHixb0:jIPBb5GvlUb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.hgdijitalbaski.com
Port:
587
Username:
[email protected]
Password:
05310325799habil
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2596-30-0x0000000000400000-0x0000000000448000-memory.dmp

Files

2596-30-0x0000000000400000-0x0000000000448000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ