General
- Target: Vape V4.exe
- Size: 15.4MB
- Sample: 220911-j3kq6afafn
- MD5: 2644d31d109b39fe48c48aff8d0d0938
- SHA1: 8ffdaf29a7ec510d8692e2a564ebbb45b606cad4
- SHA256: 261ea04b1a662ec3023152280cad1cc386574942d170cc452d29203509b8b859
- SHA512: 005605099bf3848a6bc388163a5066f4db44a724866e707a243cd992546a35ade91f158f589f5b03fc467b461c394fb157022c38b68902c66e0fc166dfafea57
- SSDEEP: 393216:u58FYmNNY7izB8hM0pyd6qghoOwcX7vfGfLLbGjLiIE:CWSizYyW+cXDKLLbm
Static task: static1
Behavioral task: behavioral1
- Sample: Vape V4.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: Vape V4.exe
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger