d139be2ca855729540430db759a1c5cd3aacadde28fe65825f369ef805fd2b0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vape.zip
Size

12.8MB
Sample

230210-xfvvhaff27
MD5

6938281df01601c3fef9603a8aa3a8e9
SHA1

2f5ac397357087243a0d0b9e4323ae2b78893c16
SHA256

d139be2ca855729540430db759a1c5cd3aacadde28fe65825f369ef805fd2b0a
SHA512

30b82bf9567dfef220d3c0014b2e6d983fd81d7c5f3e9836f91d255050015407d59fa39dd2fe41b565c9ca32c4103bb103000a8720f41477a4c0d3596e3e8d71
SSDEEP

393216:HZm+u6Fs8JD0uAC+y3JTFi8Q146lNTD2y5RqP/:5mH6W8JPAC+y3JTF3/6H2y58

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  vape/Vape_V4/Vape_V4.exe
- Size
  
  7.6MB
- MD5
  
  7407fd99ee1940051b4f543656ea9b0a
- SHA1
  
  7149b25db501b75111ac77fe4bcfe6915058757a
- SHA256
  
  bef628b23396d36849beac1bf633859d02f82ae9dc877281862b7e9e85148ecd
- SHA512
  
  804a257e128f54d5febaca7424f308403e092f773119075270b89d8721e9cc91e3b7adc402ad9a9fbb252b5af250745d2f6a34f523f30b1f08c212aea0e5b75d
- SSDEEP
  
  98304:g08oqEGSxQo0nYD20QB/2IuD4fb9e9z2FkZgFkrSyt85ZOnhAug8HrtqA:JnZr0YyG25eIFkKFFZ18H4A
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  vape/requirements install.bat
- Size
  
  31B
- MD5
  
  ed479ebacddedec77a46c27cc0e6a94d
- SHA1
  
  7b1855527317d0124ebeb726defa838d54e9b663
- SHA256
  
  f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
- SHA512
  
  41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score

1^/10
behavioral3 behavioral4
- Target
  
  vape/server run.bat
- Size
  
  16B
- MD5
  
  b50fc33edb46d785b84d969ac5fc6fad
- SHA1
  
  f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73
- SHA256
  
  7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c
- SHA512
  
  ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

behavioral5

behavioral6