General

  • Target

    3068-35-0x0000000000460000-0x00000000004A8000-memory.dmp

  • Size

    288KB

  • MD5

    3eed7fe035626df8f0098a139b84a31e

  • SHA1

    5bab4b5d83e131989258fc690ec0d10ae9641871

  • SHA256

    41cadfc04b33960142fde0d58c5c482069f6be3d67fab8fd27b13f48df7020d6

  • SHA512

    85b20ddda87dc89855b34490a0838553b0621ec7610bc0f6caaf6cdf5226f17937c996717d7e404ea7008a703fc8519c9cb699a4d4fc4068a368c17fb668a6c9

  • SSDEEP

    6144:3K0jMsk4ciMA4W+hlEyUaq+YaeQB99PvPdHDYvCjA3b7mYb:3K0jMsk4ciMA4W+hlEyUaq+YaeQB99Pa

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8148338634:AAFvLNrhxaF7bMPzQMLbUnueRMJvDIi5kcU/sendMessage?chat_id=7698865320

Signatures

  • Vipkeylogger family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3068-35-0x0000000000460000-0x00000000004A8000-memory.dmp
    .exe windows:4 windows x86 arch:x86

