047758fad4c08391983353e9aef6b934c9fe4e860d63a0f6908aeb44427924aa

Sharing

Copy URL

Twitter E-mail

General

Target

Only Run VM.zip
Size

32.6MB
Sample

230331-tk28labd68
MD5

60c645fdb16b258fb5cc9d24f56e1000
SHA1

b6dddf94d84a2eaf43ddfce2b844ea954088ea1b
SHA256

047758fad4c08391983353e9aef6b934c9fe4e860d63a0f6908aeb44427924aa
SHA512

70c79dbebe06329f52c10b1d9df70b09d789f18f292cc7a38b789b2e86d6d0d8f47d4bebcb31d36d8115d726e8c47e19d8ee7346c487c9aad8e6ba76addf2691
SSDEEP

786432:+zmE6WDw+y3JnXKU19sOsMj/Y/KKVCIsVnwaenx7HBGR9117ENducg:+iEPDwl5J3Oj/xVCj5+7HBq7iFg

Score

9^/10

Malware Config

Targets

- Target
  
  a/A.class
- Size
  
  459B
- MD5
  
  7e84c10cf728f10bd45a5748c3fcb9b6
- SHA1
  
  7b673743e65dfb9b1fcd002978870cefbfe3d18f
- SHA256
  
  b2ef7d4b367f4f496ab15bf652944f023bfbbe931cbd854705a6861a5f457b8d
- SHA512
  
  378abd876f52774427d3d9c990276802bb5ee3072bef901268ba4200f9f6555f67458280c3fb9e2b3f8f64831eed725f55e8fe597e7cc5d16998778dc1776710
Score

3^/10
behavioral1
- Target
  
  a/B.class
- Size
  
  2KB
- MD5
  
  ff3d7b022d9a8c6cb557b8ff7cb5e7bf
- SHA1
  
  da29bda243cf1bf76e75b107415ab997b2fc8690
- SHA256
  
  bacdaa856875ab1225bbf95377bddef5e0bd9771914c6546d48fb538b3959d9f
- SHA512
  
  d9edec14468b66813d46db1f5e495da1c2d9257e5e46790f9bb2da062e237e72b939f5a202575f5d2ecc1d205a16ab3685255012f9cdcac27d3db2b77f129988
Score

3^/10
behavioral2
- Target
  
  a/C.class
- Size
  
  1KB
- MD5
  
  d764074b6f330f1eefcdd5abb9166a68
- SHA1
  
  78241182a42c1b4ddc0296c43da83683f3a8707e
- SHA256
  
  fcfefe43b8197093bcd22ec454efed531c863dc3588ad39d0fa420b482ce42e9
- SHA512
  
  0fc7677048791d8e0bf38ebb38287f7c42b14a79c8fb9a28c96d5bbc81ea1ff98a342bdcc8075b25a34c2c9229bb195ff7c4f92d0e80059cc79e92ded591c9b0
Score

3^/10
behavioral3
- Target
  
  a/D.class
- Size
  
  11KB
- MD5
  
  cc758c7db91ebdf83418bcd7d9140881
- SHA1
  
  4e544fb116b31275952fcf814689559a058b91f6
- SHA256
  
  246e8f6a15f89b015020726410f645627458ec662f63e368371466836d03d256
- SHA512
  
  3791375561fa874ef69804a669e1618785fb093292d042d55cb134d73bc7bd201d447e87fb0f7cdf062dde2d37d821b244f79d9483f4989349cf7eb515321279
- SSDEEP
  
  192:oLVYmhTk9BlsU6TOsQfYE4qc5xjVFz7YGKOA:o+JmSHf6r9hA
Score

3^/10
behavioral4
- Target
  
  a/E.class
- Size
  
  8KB
- MD5
  
  f21f97ce719932fa220a94347b7606ae
- SHA1
  
  6d21d62e5b2a03d4c43df1952807fd0d6f235f65
- SHA256
  
  abbd083a033bdcbe7107f53165840ebcabb75a1e2f2b6d099aa0105c3043aec6
- SHA512
  
  13d05dc1967b5711d1a6fb85f23efa6075482d96569cfacd847f97cb996a3627684b5b5d1abb672bc2eb4d605344550f660e20fc4a4b37ce1660743a5e672787
- SSDEEP
  
  192:2jqb6XDanqp1GyBlHbZl54XGqCzaoZJeolZOiX:AXDanqp1RB1ZlIYuCJeO7X
Score

3^/10
behavioral5
- Target
  
  a/F.class
- Size
  
  10KB
- MD5
  
  1cd31f67b6eff531c2d95bb0e174c1e5
- SHA1
  
  39df1f73df968ea4d50de3d56b6b2f474187abd2
- SHA256
  
  962b91f47d2094c2c6c496acc3cd197022ad997a0066992783603d35a959ec1b
- SHA512
  
  704ff6ab965f4a90c23203d319e2f9c0c643c7b810cc2be1a5b1c7c4173c458a8161ea8ce5abcfb106c8bf56bc304ad90ce01059f83742c9b3484f382f773e06
- SSDEEP
  
  192:Nkx1TRLrggzdor0pGlnQl/NRAW+ndFqyPhSCH6o:NaTLrgUdor0pGqNCLhJz
Score

3^/10
behavioral6
- Target
  
  a/G.class
- Size
  
  1KB
- MD5
  
  e5563ccbd26b9b95c810c7174ced2efb
- SHA1
  
  ac5c751e6d51ce3f0a3673e2ceecb1ef2d6ee718
- SHA256
  
  1fb7f6570f4fb53823f8bda7b29327930eda0d7d4af53d22648bf2a79a173b3d
- SHA512
  
  dba3c8e9874fc988d03a3e630fe9a58bd3a89295dea526007c99ae42e5b48846dc9b6f97bf6277f571dcff89c72c23b5cfa9aa93696eb86c444447ff2e344710
Score

3^/10
behavioral7
- Target
  
  a/H.class
- Size
  
  401B
- MD5
  
  8b32607921d33725facfb12c68aa7691
- SHA1
  
  05527d92fd44ae4b4ec683a416560cb8bf959593
- SHA256
  
  a686598429c3a28f8dd028fc17bc4be3d5834ba5125694957e24855ae46a8f5f
- SHA512
  
  c9e2ff4e4654b04f063543f06def1ad43cdd10f741c5a4e43e3ee391a92fe5e6d7e49d507ea2db8ed2a57d83015d92b78c607c6ed4075906c1d8e866af2577ce
Score

3^/10
behavioral8
- Target
  
  a/I.class
- Size
  
  623B
- MD5
  
  ff7331fe41086589e501b2d8a3c729f9
- SHA1
  
  c4544d33c731f83f99bc07ce2ade2a78081eea56
- SHA256
  
  26e32f857989fffefcf602eb403673eb8e372c675bd6949ec3043a4b50a902ca
- SHA512
  
  3bd8960f9efc45d3732d8ce367535106f07555043622cf7d95bc2f3505274dbbe205b9f555c8ad28f7c1a934c96df04c5de97ed7c0c48dc5f387cd4ea34e890b
Score

3^/10
behavioral9
- Target
  
  a/J.class
- Size
  
  358B
- MD5
  
  fcb3ee8a38a5c46d50c0e93c66a2be33
- SHA1
  
  d2cfbc0682adb7459508c2002882b1e90e2316f8
- SHA256
  
  3d0850ca70e2b232793106f986d3c2c2fe09fb858eaccebdc18d35c4ce039da6
- SHA512
  
  76e34184aceb9a920aacc389fe444192dac12956efd1ebbcfbc7a785f2cd0fc61022a339281058ecf508308188bf65fa99731a5a6ad56a11b710bd6946f73d12
Score

3^/10
behavioral10
- Target
  
  a/K.class
- Size
  
  1KB
- MD5
  
  7a84b844e77169c720b77f1792097709
- SHA1
  
  d67a6d13ae0adb275227672d3ffdc9c39ce2c3d1
- SHA256
  
  fde2f18b0a8df1e8113c5dadb668394ebcf2a0a622657f213ee818f7e232aec5
- SHA512
  
  9e19a02d2924e00f4528f660ad76ec0603eda2e4f66bb53e121d0106d4920ac0a607fb59fd06012a12326d13897e2eb05c93ec663a37623c30543d82f968aff1
Score

3^/10
behavioral11
- Target
  
  a/L.class
- Size
  
  319B
- MD5
  
  2de8654279d6cd1af2d4d6fd93eabbea
- SHA1
  
  b5237dc27e4c0193b4034e12073a85e16538c4d9
- SHA256
  
  039e54573efce0fa16652e60f13ead0b4e3f61a00ba5a5788770c8f065c17257
- SHA512
  
  1dd3e564c83add19b9757fd93c8205606c24005ae4525ec2b2c7d6ce91a45a3ad6b5a0cef11befc4eb6ce1daef105bb39c87fa898157a465f1be6bdfc3d24129
Score

3^/10
behavioral12
- Target
  
  a/M.class
- Size
  
  2KB
- MD5
  
  6cc689f3a6724be505f04fab10d5425d
- SHA1
  
  7a208a4b438b7b4a0d51dbc5dad290f3010467f5
- SHA256
  
  66622646978ce0d9d6d9e3791dbdc3b4d1749dfd3e5df11e2dc0ab50cb82cdd7
- SHA512
  
  952bd9611dbbc0d96cc57d4da07cf28272df138c0a0648cea6c7f5f89f02800a9a9a583040419936712a1bb70d8eab0817af956c52a4f7b1d725fffbd799d2c9
Score

3^/10
behavioral13
- Target
  
  a/N.class
- Size
  
  3KB
- MD5
  
  9d9aade75e1acfda823e40118097d772
- SHA1
  
  88d136ef6f510e35b134a9c1396245b4706613b5
- SHA256
  
  815b06680e9e9c2f6de1a67aff64f71dc4730707f4e0882c3432f27d2f0bf15e
- SHA512
  
  95dacb9026b15b315d1eda4e78ea7d899c085e97da1eb686986c27956f56fcd89392edf8b3cb8b53d70c8118503d4a967cd6ed016a865d8c923785e9f9e53b10
Score

3^/10
behavioral14
- Target
  
  a/O.class
- Size
  
  3KB
- MD5
  
  1882ea5b1cb86acaa8a0508028cd0391
- SHA1
  
  72bab4529aaabeb385555d1305a991fc1c064cec
- SHA256
  
  0c7aaf33032e550ca5b28354672fe7d286bfb1f0e6f4335c3801f0246b7b0863
- SHA512
  
  3133b75a0eb56eae6cf3b25e1ef038ef5ceb257b65f5663a29a913f6a1a684e99f383df7420a6bd410a0bc527641006df8d7b193c61e75b729a9e5e5d6464cc5
Score

3^/10
behavioral15
- Target
  
  a/P.class
- Size
  
  9KB
- MD5
  
  6065264d1600e10e5fd3731ca3ac6429
- SHA1
  
  32779e8f95bb750c82071aa34638201aed1496d5
- SHA256
  
  5d2e7204ef7686cb223602ca49e6476503605d6ef36623b7659173d00afb48b5
- SHA512
  
  c056c1f96e3de1966e64fd1ec2048e1b7133d0fb5d40a5e192f1e6e121267ecdd624bbe7e8794157a90e2e08ede2c6bdf2f5db17c8e847e2bb31084c1358cfed
- SSDEEP
  
  192:WSuVUZoI6WoGRXn6alK8+Tr8EvOt0AjFGYKUiEpD:tSEoGRXn6aQrjmyAjV
Score

3^/10
behavioral16
- Target
  
  a/Q.class
- Size
  
  498B
- MD5
  
  905ab3216948b8f7f2b15f81f04e1d12
- SHA1
  
  2f19c6ab9b4f10800cf53b145578791136265b62
- SHA256
  
  8f18347ede45a70dbf2b8b9488b4f140ea9e49d3130afc82d2a24bb43a1fe626
- SHA512
  
  c5a903f1e02cfbbbe02d22ee1b4f72d36064b134ba80a8951a02a63232a9534e952d49520a5f0b23383457faa12bcf80d664a8db7685f7e0f999be12b49cfa0c
Score

3^/10
behavioral17
- Target
  
  a/R.class
- Size
  
  8KB
- MD5
  
  86d75308f7c8d22a81d09fb66011ef6d
- SHA1
  
  be95cacb0bcbf78b5e7a04fe5069200307ed9ffc
- SHA256
  
  31695c452baa07c0a32de3717ce79171539478af6e9c4290d8bf4e5d8b94b5e8
- SHA512
  
  910916fd0007c7c3b83903a6081f07e068deeabf56cf6187eb2359dd429f3f04c4ff4cc797981556c5df2380cefebfaaf249e7ddc169ebe369c32b206daf08e3
- SSDEEP
  
  192:ETlBCpGSBOo4YgQvLhleFeM2+pkpCQyfIcXV:0DxSBOo4YgQvlYF78CQyl
Score

3^/10
behavioral18
- Target
  
  a/S.class
- Size
  
  2KB
- MD5
  
  709fd286e42123b0acce010b757e3424
- SHA1
  
  f9484385398464af98897042a93686dc253cda7a
- SHA256
  
  a448bd9527a59cbda704d9a861fc3c342640c9828c6bc5e80d3c967aa46f76e5
- SHA512
  
  8f7c79ba358c6f8031e758e13c99ac1be21751235a1be2e03e4174a50d71635220db92c86151be3ebfd1f143cb1547fcbb372461b5b2c71fc02a6232b54f3064
Score

3^/10
behavioral19
- Target
  
  a/T.class
- Size
  
  13KB
- MD5
  
  ee2936c22fcf4d2d6c79f72f9fbad776
- SHA1
  
  0d9b27caf08e1959a71088b2064e64fce11615b1
- SHA256
  
  96e3dc3c8c6a52d0fd134fbadb9eaa28b128a0d391778e38ee5be8dec4306082
- SHA512
  
  86d6a1c9f6aa3df9448240ce10209f30af15e890758f1fc5c0615227691ff67488cbacf0ac6a6bab40bdc627959230c5bcbe46f9fccdbdc5ae34ed6105664ef1
- SSDEEP
  
  192:ReyKPmxzPN4PK3/FgQN0uJylCkx2S8FSTLm7v2SiEZ2ztXGnvnHE2CXXdjui:RjzPNAKeQN0uEwFSXmhG2nvnHQXX8i
Score

3^/10
behavioral20
- Target
  
  a/U.class
- Size
  
  785B
- MD5
  
  99fd6bfec4eebd74496b9e3d1741aaae
- SHA1
  
  fa030e73475369daf169d8361412e1a99263a4cc
- SHA256
  
  7fb6664d49bfaa66bd1ddea113f46af88a33cca276166c5b04f8a4576be4e9fc
- SHA512
  
  35f99a2910e59c7db9c2231886eb2355a19702bc964723b3a9c1e5a72c1eec1cbcd57e5897e3a1e7375ecbb93925fa2a4ac2a1d1ab0d85c5026a8737a2c62ccd
Score

3^/10
behavioral21
- Target
  
  a/V.class
- Size
  
  417B
- MD5
  
  f9fa8d5d68d445690328bc3fc7e91e90
- SHA1
  
  aa8fc5f5912d70caa9b434364febd4e4b5f288e7
- SHA256
  
  0644db525c9b2e6706e1194943fe7ceb14517bb02b5657bc6635639edbdd311e
- SHA512
  
  744851037385d9a5d647035a14693803054966589f87e2543eed9f878170b9b872fc93d95fd07798a6121bcca8120a93bb8cb0facc943cb36dcf7659f0ec8ea0
Score

3^/10
behavioral22
- Target
  
  a/W.class
- Size
  
  1KB
- MD5
  
  b598fb613cdf0302e0a14b8818fa8547
- SHA1
  
  229b28f3422463bc71d8580764ac1de3375888e5
- SHA256
  
  89cb3e7830dc8ef34dc3848f89e7450d9635656a62f4a8c004ede1db15ff526d
- SHA512
  
  aa220fd6c01383e3e524e824e33c0d14261dbcf122037b7cea0fda006bde2834b195bba3d0012c274b628c3d6130283034ab5cefcaef8a1ef4b3fdf359580444
Score

3^/10
behavioral23
- Target
  
  a/X.class
- Size
  
  592B
- MD5
  
  0ac65a84787d0157677cbac2eea08d11
- SHA1
  
  4308892c11109923d641ffb53955cb7a108920c7
- SHA256
  
  f8b88ca2c794e3f429965d55da31815100980e123a445a907cbc2e2fa2127a81
- SHA512
  
  e9436f8ab8dcdbd83b4ee4a857871b469ff12238b086c01692b59289ed310fd9db34d3466638f8094784a4b17d767d66464bc97d3490291cce0c0ee5e4e161b0
Score

3^/10
behavioral24
- Target
  
  a/Y.class
- Size
  
  8KB
- MD5
  
  720cf2a979954ef614b0c502927f15a8
- SHA1
  
  6eb3753905da4f67e1bb3e1325bb8e9aa834bf91
- SHA256
  
  c901708a380547e16260a21361d8174ba7934565e2a19f5a2bce2bc8bda9f61c
- SHA512
  
  d5dd872774942aadf030abbad9713bcd001cd5812af44f6a06e117fb6be9e833dd20f8d829f613370abaf1527dc1a7dcf8f4ad0a25450af3301a56736d5fd620
- SSDEEP
  
  192:ydYYeblP1antvUDzlg+UwAcMMzmP1DOsSTYBx2wiB:ydjWt1antvUDzO+sMmP1DOsUYBxYB
Score

3^/10
behavioral25
- Target
  
  vape lite/Vape Lite/Kangaroo Patcher.exe
- Size
  
  11KB
- MD5
  
  bf28450278273ab1c3ebdd4c98bc9222
- SHA1
  
  4eb8db0a3816a4d6a627a4fa9367b46c787968fe
- SHA256
  
  2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
- SHA512
  
  6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
- SSDEEP
  
  192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score

1^/10
behavioral26
- Target
  
  vape lite/Vape Lite/Kangaroo.dll
- Size
  
  37KB
- MD5
  
  0202563145fb353f35c915cdbe5474f8
- SHA1
  
  01b1ea50745a3824e68330b0339a44e27c9068e9
- SHA256
  
  5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
- SHA512
  
  8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
- SSDEEP
  
  768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
Score

1^/10
behavioral27
- Target
  
  vape lite/Vape Lite/Vape_Lite.exe
- Size
  
  6.6MB
- MD5
  
  3459f3a3d65fa445d1eb52611ac55f6c
- SHA1
  
  135c835edfeec60e41bc1b24f1a10ad7a86c9a00
- SHA256
  
  9c85d76526d585038392e1af504886580d096e9646de2907b73feab521920944
- SHA512
  
  1dbf42476304cefd859754f1d8219c0b37cc5b2885527f874245a37df5e1145dbcc1ff1ce34bdf0fa47df8a503e37244ff07a37bb92e8f2514533d8a89926d8b
- SSDEEP
  
  98304:MsRRwjPcDZ3IFTbWJ6tWUQSPZyq2XOD6gwosVvC8pQ6TYupGFBUMnEB:MsRKjkNcyDVSROtgwJVvHjTrUIMni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral28
- Target
  
  vape lite/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral29
- Target
  
  vape lite/requirements install.bat
- Size
  
  31B
- MD5
  
  ed479ebacddedec77a46c27cc0e6a94d
- SHA1
  
  7b1855527317d0124ebeb726defa838d54e9b663
- SHA256
  
  f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
- SHA512
  
  41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score

1^/10
behavioral30
- Target
  
  vape lite/server run.bat
- Size
  
  16B
- MD5
  
  b50fc33edb46d785b84d969ac5fc6fad
- SHA1
  
  f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73
- SHA256
  
  7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c
- SHA512
  
  ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee
Score

1^/10
behavioral31
- Target
  
  vape lite/server.py
- Size
  
  31KB
- MD5
  
  491f1d7472b87b9416ac8399f8bf0aa7
- SHA1
  
  5883fb4c311c9ff998c3d612c4a96cd8b4af7a53
- SHA256
  
  161389d4ca6ef5a6e6c737fe57a6d8fb9b4200cb9cd35a429b52e0bf05778a73
- SHA512
  
  3ca1b8149299a9fc160445fec9a881955926a64745971b1ff59f15d705b118be4fd05abbc9e2ce9354feabc9f65d939cd0a94d7f58c52a91588a0e174cc180e4
- SSDEEP
  
  384:kix6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6m1:kif2MS6kAfukNcAV
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32