vipkeylogger | embin[.]rar | Triage

Sharing

General

Target

embin.rar
Size

53KB
MD5

497f978f019baf729e6f8079ca3a8366
SHA1

bc4489cc6129965b356bb82b512a9310b4ae42be
SHA256

a064481b803787fdedf78f6681a11f43dafdd3400a905ead07dc4355e4863443
SHA512

0368af9b307032a91344f384ea881dd2ca3b230de4303c78648c39969fad48466132a3e8e396870b750c1d9a8f456ac631a7e47286f6f566284b78362fc83ea8
SSDEEP

1536:oPJ7egwfrY+Tm6NUnqcGsuEb5A/lNSxduG5KD:oP9QTYADEbW/lEdjI

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

C2

https://api.telegram.org/bot8194220836:AAFziUptqWGS3EyN4PwDY-PrwZ46wPyoU2A/sendMessage?chat_id=5934249759

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/embin.exe

Files

embin.rar
.rar
embin.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ