General
Target: Vape Lite.exe
Size: 13.7MB
Sample: 230128-y18grsgb92
MD5: 5e2d657a39c8a243c6d781f20f98f38f
SHA1: 4088ae74ad0a22a7640bfe74e0f53479e555cbf0
SHA256: 2b2071a6b8b552691034efe266ccc13cb72ca20fc25ef4347b748a7cc02e88ad
SHA512: d0fda8495bf027b48cc3afd26a6efd47135a7712f4cbc5d372bb01216a7e9064ab8fb924abb3b6386ee23a165824194c8e4b76ef31d3288712af227daddfd3c3
SSDEEP: 393216:fpNdNeyLeQ+gPYxto0eba2gtgebkkC7E:fdQyaQJPY/ca26gebME
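Before acting on a report like this, confirm that the file in hand is the same sample: compute every listed digest in one pass over the bytes and accept only if all of them agree. The script below is an added example (not part of the sandbox report); the expected values are the MD5, SHA1, SHA256 and SHA512 printed above. SSDEEP is a fuzzy hash and is not in Python's standard library, so it is left to the ssdeep tool.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Digests copied from the report above. SSDEEP is omitted: hashlib has no fuzzy hash.
REPORT_HASHES = {
    "md5": "5e2d657a39c8a243c6d781f20f98f38f",
    "sha1": "4088ae74ad0a22a7640bfe74e0f53479e555cbf0",
    "sha256": "2b2071a6b8b552691034efe266ccc13cb72ca20fc25ef4347b748a7cc02e88ad",
    "sha512": ("d0fda8495bf027b48cc3afd26a6efd47135a7712f4cbc5d372bb01216a7e9064"
               "ab8fb924abb3b6386ee23a165824194c8e4b76ef31d3288712af227daddfd3c3"),
}


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all report digests in a single pass, so a 13.7MB file is read once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in chunk_size blocks and return its digests."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def compare(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict; hex digests are compared case-insensitively."""
    return {name: computed[name].lower() == expected[name].lower() for name in expected}


def matches_report(computed: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every algorithm agrees; one disagreement means a different file."""
    return all(compare(computed, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py "Vape Lite.exe"
    digests = hash_file(sys.argv[1])
    for name, ok in compare(digests, REPORT_HASHES).items():
        print(f"{name:6} {'OK ' if ok else 'BAD'} {digests[name]}")
    sys.exit(0 if matches_report(digests) else 1)
```

Requiring all four digests to match is deliberate: a collision against one algorithm is not a collision against the others, and a mismatch on any of them tells you the report describes a different file.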
Static task: static1
Malware Config: none listed
Targets
Target: Vape Lite.exe (13.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read to detect sandbox environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
  The ThreadHideFromDebugger information class stops debug events for the calling thread from being delivered to an attached debugger, a common anti-debugging measure.
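Several of the signatures above are registry reads and anti-debug API calls, which only show up in an API trace, not in Sysmon (Sysmon records key creation, value writes and renames, not reads). The detection logic below is an added example, not the sandbox's own rules: it runs over constructed trace lines in a "<pid> <api> <arguments>" shape, maps them to the signature names listed above, and correlates a file write with a later process start to flag an executed dropped EXE. The registry paths are the conventional locations behind these signature names and are an assumption here, since the report does not print the paths it matched.

```python
import re
from typing import Dict, List, Optional, Tuple

# Registry locations conventionally behind these signature names (assumed; the report does
# not list the paths it matched). Matched case-insensitively against the trace arguments.
REGISTRY_SIGNATURES = {
    "Checks BIOS information in registry":
        re.compile(r"HARDWARE\\DESCRIPTION\\System\\BIOS", re.I),
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)":
        re.compile(r"HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT|SSDT)\\VBOX__", re.I),
    "Checks computer location settings":
        re.compile(r"Control Panel\\International\\Geo\\Nation", re.I),
}
FILE_WRITE_APIS = {"NtCreateFile", "CreateFileW", "CreateFileA", "NtWriteFile", "WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteExW", "NtCreateUserProcess"}
WRITE_ACCESS = re.compile(r"GENERIC_WRITE|FILE_WRITE_DATA|FILE_APPEND_DATA", re.I)
SYSTEM32 = re.compile(r"\\Windows\\System32\\", re.I)
HIDE_FROM_DEBUGGER = re.compile(r"ThreadHideFromDebugger|=0x11\b", re.I)

# Constructed API-trace lines ("<pid> <api> <arguments>"); illustrative, not from the report.
TRACE = [
    r"4120 RegOpenKeyExW HKLM\HARDWARE\DESCRIPTION\System\BIOS",
    r"4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"4120 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"4120 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation",
    r"4120 NtSetInformationThread ThreadInformationClass=ThreadHideFromDebugger",
    r"4120 NtCreateFile C:\Windows\System32\drivers\etc\hosts FILE_WRITE_DATA",
    r"4120 CreateFileW C:\Users\Public\update.exe GENERIC_WRITE",
    r"4120 CreateProcessW C:\Users\Public\update.exe",
]


def parse(line: str) -> Optional[Tuple[str, str, str]]:
    """Split a trace line into (pid, api, arguments); arguments may contain spaces."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        return None
    return parts[0], parts[1], parts[2] if len(parts) == 3 else ""


def strip_flags(args: str) -> str:
    """Drop access-mask tokens so what remains is the path or registry key."""
    return " ".join(tok for tok in args.split() if not WRITE_ACCESS.fullmatch(tok))


def match_signatures(lines: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence lines]} for the signatures this example covers."""
    hits: Dict[str, List[str]] = {}
    dropped = set()  # lower-cased paths written earlier in the same trace

    def add(name: str, line: str) -> None:
        hits.setdefault(name, []).append(line)

    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        _pid, api, args = parsed
        path = strip_flags(args)
        if api.startswith("Reg") or (api.startswith("Nt") and "Key" in api):
            for name, pattern in REGISTRY_SIGNATURES.items():
                if pattern.search(args):
                    add(name, line)
        if api == "NtSetInformationThread" and HIDE_FROM_DEBUGGER.search(args):
            add("Suspicious use of NtSetInformationThreadHideFromDebugger", line)
        if api in FILE_WRITE_APIS and (api.endswith("WriteFile") or WRITE_ACCESS.search(args)):
            dropped.add(path.lower())
            if SYSTEM32.search(path):
                add("Drops file in System32 directory", line)
        # Correlation: a process start on a path this trace wrote earlier.
        if api in EXEC_APIS and path.lower() in dropped:
            add("Executes dropped EXE", line)
    return hits


if __name__ == "__main__":
    for name, evidence in sorted(match_signatures(TRACE).items()):
        print(f"{name}: {len(evidence)} event(s)")
```

The "Executes dropped EXE" rule is the one worth copying: it fires only when the executed path was written earlier in the same trace, so launching a pre-existing binary does not trigger it. Signatures with no fixed referent on the page (service modification, privilege escalation, permission changes) are left out rather than guessed at.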