General
-
Target
VapeLite.exe
-
Size
60KB
-
Sample
230419-bwqd3ahc4x
-
MD5
2c18f9f475cf661c784f95b8c43f0fe1
-
SHA1
b8b125aa65b9c5f7a7015415e21a4c4b263c8388
-
SHA256
7ae958d30d0e97289b4b23fa487450cd45f8f9f72b6f9507c423fabce204dbb3
-
SHA512
dc9d8e897dde91f54e3104219a99f3d41e7459fb538fc3cf15c0ad9774ca700763b6b47495fb711ff4763bbe7e261d3019c850ac636df272ba0e61036b163f05
-
SSDEEP
768:bOucKn7n1JVDNANIUKRvLDwUzc80gmq3oP/oDn:bO2VDNAPcr/0O8/oz
Malware Config
Targets
-
-
Target
VapeLite.exe
-
Size
60KB
-
MD5
2c18f9f475cf661c784f95b8c43f0fe1
-
SHA1
b8b125aa65b9c5f7a7015415e21a4c4b263c8388
-
SHA256
7ae958d30d0e97289b4b23fa487450cd45f8f9f72b6f9507c423fabce204dbb3
-
SHA512
dc9d8e897dde91f54e3104219a99f3d41e7459fb538fc3cf15c0ad9774ca700763b6b47495fb711ff4763bbe7e261d3019c850ac636df272ba0e61036b163f05
-
SSDEEP
768:bOucKn7n1JVDNANIUKRvLDwUzc80gmq3oP/oDn:bO2VDNAPcr/0O8/oz
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-