vipkeylogger | 2276-4-0x0000000000400000-0x000000000044A000-memory[.]dmp | Triage

Sharing

General

Target

2276-4-0x0000000000400000-0x000000000044A000-memory.dmp
Size

296KB
MD5

427119d6a8d3294f3f38371faa95a90d
SHA1

3c368413ddaa3806c341593dafb842184a96f1fb
SHA256

053ce7781e2875d67b42781553731eabc934731f193b288271c7ad4265378c2a
SHA512

28a003d58fd01efecca95a510ba2782ca767760fe27ce520580713e841656c78907c0a028d48e76faeb5ccc1edb7aad33c5579cb89b4738a00c9aa2660ec0464
SSDEEP

3072:UrOjfdt9boLZt7rSwrotX1riUfO4MpHOFh5OOO5nVblQfDsoCUYTVg4i3bbY:DM+rO5nVblvSb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
millenniumauto.org
Port:
587
Username:
[email protected]
Password:
peterchia44844484
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2276-4-0x0000000000400000-0x000000000044A000-memory.dmp

Files

2276-4-0x0000000000400000-0x000000000044A000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ