vipkeylogger | 1739861824b75a9f8eefb234627424d8006aa29332666d4728e6ec2e69d198fc6fbcbc6425122[.]dat-decoded[.]exe | Triage

Sharing

General

Target

1739861824b75a9f8eefb234627424d8006aa29332666d4728e6ec2e69d198fc6fbcbc6425122.dat-decoded.exe
Size

271KB
MD5

ebebf7dfcfb35a9c2d66c4cd8842ed7f
SHA1

cfc48332791e50ad3dd2ba09ab43b31c69e3a2fe
SHA256

d9f5437f1b4cf3662a47d1234cf3ef5d7d6e6d657306f6c8970e463f6016e32f
SHA512

58907b27f0347b8744a3e83a4fab0a4bffd6fdbc11a751655cbe618ca06e2f241bb7c82bf198085c37bd6c35a6f4239abb66be19079e301e343d1d6b8821db81
SSDEEP

3072:wEtvwV6Jm/j/xI3DRuvbnr9EUkmZV597Z7JHaVSb7r/8soYZYTVgfi2bbY:ALjrDkSbRXb

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
turkey.ipchina163.COM
Port:
587
Username:
[email protected]
Password:
&#!T=3]}zHGa
Email To:
[email protected]

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1739861824b75a9f8eefb234627424d8006aa29332666d4728e6ec2e69d198fc6fbcbc6425122.dat-decoded.exe

Files

1739861824b75a9f8eefb234627424d8006aa29332666d4728e6ec2e69d198fc6fbcbc6425122.dat-decoded.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ