General

  • Target

    2776-18-0x0000000000480000-0x00000000004CA000-memory.dmp

  • Size

    296KB

  • MD5

    1100a67c8e608ad0ca4f2364ade3acb8

  • SHA1

    9f1d86883fa76c21d66ee89c5ed7a504224b52cd

  • SHA256

    c22e629fd37a57ca58706cc31401f5d1ca0b6bb381cee3fb7c8136bb10b8947d

  • SHA512

    9bf523363b6360cbd4aaafd5ff4e76bf15ed659200a2f53436b6480388600d051112be5c5ff2b0d6e7ca602e82c8912afcd6c848f6a9e9d49b670eaa83dc9475

  • SSDEEP

    3072:Oi8zGMcOGgRcO+X+uSeSQShSySXS5S3VXmNqpxKdks/3pH4nQ4hFp7bfAvOmiLOV:fVtVuZJ/QtCIDo3KLhT7bIv4jb

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8177184706:AAEJ0_bPTtjIc-PnjNdYNmARZ2fvBD17ZJI/sendMessage?chat_id=6198188190

Signatures

  • Vipkeylogger family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2776-18-0x0000000000480000-0x00000000004CA000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections