Behavioral task: behavioral1
Sample: 2776-18-0x0000000000480000-0x00000000004CA000-memory.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 2776-18-0x0000000000480000-0x00000000004CA000-memory.exe
Resource: win10v2004-20241007-en
General
- Target: 2776-18-0x0000000000480000-0x00000000004CA000-memory.dmp
- Size: 296KB
- MD5: 1100a67c8e608ad0ca4f2364ade3acb8
- SHA1: 9f1d86883fa76c21d66ee89c5ed7a504224b52cd
- SHA256: c22e629fd37a57ca58706cc31401f5d1ca0b6bb381cee3fb7c8136bb10b8947d
- SHA512: 9bf523363b6360cbd4aaafd5ff4e76bf15ed659200a2f53436b6480388600d051112be5c5ff2b0d6e7ca602e82c8912afcd6c848f6a9e9d49b670eaa83dc9475
- SSDEEP: 3072:Oi8zGMcOGgRcO+X+uSeSQShSySXS5S3VXmNqpxKdks/3pH4nQ4hFp7bfAvOmiLOV:fVtVuZJ/QtCIDo3KLhT7bIv4jb
Malware Config
Extracted
- Family: vipkeylogger
- URL: https://api.telegram.org/bot8177184706:AAEJ0_bPTtjIc-PnjNdYNmARZ2fvBD17ZJI/sendMessage?chat_id=6198188190
Signatures
- Vipkeylogger family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  Processes: resource 2776-18-0x0000000000480000-0x00000000004CA000-memory.dmp
Files
- 2776-18-0x0000000000480000-0x00000000004CA000-memory.dmp.exe (windows:4 windows x86 arch:x86)
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  Sections
    .text  - Size: 265KB - Virtual size: 264KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rsrc  - Size: 4KB - Virtual size: 4KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc - Size: 512B - Virtual size: 12B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ