Behavioral task
behavioral1
Sample
3068-35-0x0000000000460000-0x00000000004A8000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3068-35-0x0000000000460000-0x00000000004A8000-memory.exe
Resource
win10v2004-20241007-en
General
-
Target
3068-35-0x0000000000460000-0x00000000004A8000-memory.dmp
-
Size
288KB
-
MD5
3eed7fe035626df8f0098a139b84a31e
-
SHA1
5bab4b5d83e131989258fc690ec0d10ae9641871
-
SHA256
41cadfc04b33960142fde0d58c5c482069f6be3d67fab8fd27b13f48df7020d6
-
SHA512
85b20ddda87dc89855b34490a0838553b0621ec7610bc0f6caaf6cdf5226f17937c996717d7e404ea7008a703fc8519c9cb699a4d4fc4068a368c17fb668a6c9
-
SSDEEP
6144:3K0jMsk4ciMA4W+hlEyUaq+YaeQB99PvPdHDYvCjA3b7mYb:3K0jMsk4ciMA4W+hlEyUaq+YaeQB99Pa
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot8148338634:AAFvLNrhxaF7bMPzQMLbUnueRMJvDIi5kcU/sendMessage?chat_id=7698865320
Signatures
-
Vipkeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3068-35-0x0000000000460000-0x00000000004A8000-memory.dmp
Files
-
3068-35-0x0000000000460000-0x00000000004A8000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 263KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ