General
  Target: VapeClientExtractedFiles.exe
  Size: 77.4MB
  Sample: 221201-l6klnsgf89
  MD5: 0b73f5d95f6c189782938606d19c7dd9
  SHA1: a317aadd08c87dd0447f84255e69e051383a9580
  SHA256: 3690607313cef850d9df2f435d48f23b6569a539ae11111277cabe4dd807fa3a
  SHA512: 684e4d855345db89527011b5a5bda77ae7489281d297d0ecfc46e6c2ea3ecca696e354dc0a7bae93d381cdb385abc6b633f458a3ecdd11586ffaf62cf0dfae45
  SSDEEP: 1572864:22tc+1XlzYoiM31ZkU+xPmbhnn6kNO2F9BeakTSWF9ats+ssZ:HceFiM3x+tmZ6kNN9R5Dse
Static task: static1
Behavioral task: behavioral1
  Sample: VapeClientExtractedFiles.exe
  Resource: win10-20220901-en
Malware Config
Targets
  Target: VapeClientExtractedFiles.exe
  Size: 77.4MB
  MD5: 0b73f5d95f6c189782938606d19c7dd9
  SHA1: a317aadd08c87dd0447f84255e69e051383a9580
  SHA256: 3690607313cef850d9df2f435d48f23b6569a539ae11111277cabe4dd807fa3a
  SHA512: 684e4d855345db89527011b5a5bda77ae7489281d297d0ecfc46e6c2ea3ecca696e354dc0a7bae93d381cdb385abc6b633f458a3ecdd11586ffaf62cf0dfae45
  SSDEEP: 1572864:22tc+1XlzYoiM31ZkU+xPmbhnn6kNO2F9BeakTSWF9ats+ssZ:HceFiM3x+tmZ6kNN9R5Dse
Score: 9/10
Signatures
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Executes dropped EXE
  - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Suspicious use of NtSetInformationThreadHideFromDebugger