Overview

overview

10

Static

static

Vape V4.05.exe

windows7_x64

9

Vape V4.05.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Vape V4.05.exe

  • Size

    13.9MB

  • Sample

    220217-jbvr2safb3

  • MD5

    b26285219a7d20505e4a8628fe4092f2

  • SHA1

    9b0109eb2e0fd5a401820262fe9a8272600685b1

  • SHA256

    829e4cdc3b9823f5967f4d84c0a5f0e654e95760d09eb5de9c9ad91544dc9478

  • SHA512

    da09d8e018d77c5cd4d56afc03b4228fdf5a9dbca0294c41f2808a7f106ad118253b895db87f6f6461b11830401e07e304c92572a0678bdb390e5e9b67cbe7d3

Score
10/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      Vape V4.05.exe

    • Size

      13.9MB

    • MD5

      b26285219a7d20505e4a8628fe4092f2

    • SHA1

      9b0109eb2e0fd5a401820262fe9a8272600685b1

    • SHA256

      829e4cdc3b9823f5967f4d84c0a5f0e654e95760d09eb5de9c9ad91544dc9478

    • SHA512

      da09d8e018d77c5cd4d56afc03b4228fdf5a9dbca0294c41f2808a7f106ad118253b895db87f6f6461b11830401e07e304c92572a0678bdb390e5e9b67cbe7d3

    Score
    10/10
    evasionthemidatrojan

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks