General
Target: Vape V4.05.exe
Size: 13.9MB
Sample: 220217-h98k5aaeg8
MD5: b26285219a7d20505e4a8628fe4092f2
SHA1: 9b0109eb2e0fd5a401820262fe9a8272600685b1
SHA256: 829e4cdc3b9823f5967f4d84c0a5f0e654e95760d09eb5de9c9ad91544dc9478
SHA512: da09d8e018d77c5cd4d56afc03b4228fdf5a9dbca0294c41f2808a7f106ad118253b895db87f6f6461b11830401e07e304c92572a0678bdb390e5e9b67cbe7d3
Static task: static1
Behavioral task: behavioral1
Sample: Vape V4.05.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: Vape V4.05.exe
Size: 13.9MB
MD5: b26285219a7d20505e4a8628fe4092f2
SHA1: 9b0109eb2e0fd5a401820262fe9a8272600685b1
SHA256: 829e4cdc3b9823f5967f4d84c0a5f0e654e95760d09eb5de9c9ad91544dc9478
SHA512: da09d8e018d77c5cd4d56afc03b4228fdf5a9dbca0294c41f2808a7f106ad118253b895db87f6f6461b11830401e07e304c92572a0678bdb390e5e9b67cbe7d3
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger