General
-
Target
te.zip
-
Size
965KB
-
Sample
201212-3m21lwlxcs
-
MD5
291b2906ea58460df28b58f2029c1cf5
-
SHA1
c8e969ddaa78217f39bc49011e50ef5fd8bc5133
-
SHA256
7b74117a34e84a659a35437ab43b27c55f129c1717f92b116dc5533c27bdbc5a
-
SHA512
dfd780f8081251c7dd83ea107452a03149a576e3ea80a6c2ec1f6344fccd8d10022d9e857a51e2cc39d45656937495cb8bc3428967717f8b85a8296ac7690eab
Static task
static1
Behavioral task
behavioral1
Sample
Vape V4 Crack.bin.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
motionalt1@gmail.com - Password:
you@regay
Targets
-
-
Target
Vape V4 Crack.bin
-
Size
1.7MB
-
MD5
6a669de1d724cc4874c42ae535ca892d
-
SHA1
de905655fd632fff874bc907726e9b9a16886ea9
-
SHA256
5d45d76577ec4d7429bab8dbfa6f5ff52d947a5c7c6f9ff373456e0c3703e454
-
SHA512
23ed610d8a5803934a2a35de40fbd3e55a91d89b436812e0bb8cc692e8d10ce5a9e10e63267084461b13d50a5eeac5ed45df67950e164654e6ba8de859921708
-
Modifies security service
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-