Behavioral task
behavioral1
Sample
e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d.exe
Resource
win10v2004-20241007-en
General
-
Target
e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d.exe
-
Size
271KB
-
MD5
e681538de4634454ceeb048953383882
-
SHA1
a7f7c93dacc6bbd8d12564dec0bc5c5c8a8d6dd0
-
SHA256
e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d
-
SHA512
5de5552533da23a6c250723c3d19fc9afce907fe9f7c339b9417dd26ebe89b28937728de1e498d8e979e72af92f5266fc467ab6551757f34057424078d15fa65
-
SSDEEP
6144:1K0jMsk4ciMA4W+hlEyUaq+YaeQB99PvPdHDYvCxG8b1ESb:1K0jMsk4ciMA4W+hlEyUaq+YaeQB99Pv
Malware Config
Extracted
vipkeylogger
https://api.telegram.org/bot7331041604:AAE-Us7UbUFSJts_TZoHHXgsfP7KSC7d5do/sendMessage?chat_id=7422462541
Signatures
-
Vipkeylogger family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d.exe
Files
-
e275dfa60c086c3cab4924b19964370b84df960a25fb6c4303a3c0b179acb62d.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ