354aafdbc9a8adcbe4606bb69e423390990fcbabcc0aa5871b64a1f425719146 | Triage

Sharing

General

Target

vape v4 legacy.exe
Size

10.3MB
Sample

240327-q4ygzadd66
MD5

dcabccc273edfee0e0b1ce0bdf9c4ac1
SHA1

9eb68d706e55cd77a3006bedb3cba788d90e4a07
SHA256

354aafdbc9a8adcbe4606bb69e423390990fcbabcc0aa5871b64a1f425719146
SHA512

e76bc52e8ee9b6b4a987641a530bcf66485a724b5b1ff95659f57508e609a98243f3a3276894ffc1d67db1899fa43d4129281b3f1e2d06e299ac9055b8da013e
SSDEEP

196608:vgynrxTZ/xV6Kh0p6TKjdyR80llgwEgYEECfMdEH:vg4r5Z/xmrYgwEgYEEWMC

Score

9^/10

evasion trojan

Malware Config

Targets

- Target
  
  vape v4 legacy.exe
- Size
  
  10.3MB
- MD5
  
  dcabccc273edfee0e0b1ce0bdf9c4ac1
- SHA1
  
  9eb68d706e55cd77a3006bedb3cba788d90e4a07
- SHA256
  
  354aafdbc9a8adcbe4606bb69e423390990fcbabcc0aa5871b64a1f425719146
- SHA512
  
  e76bc52e8ee9b6b4a987641a530bcf66485a724b5b1ff95659f57508e609a98243f3a3276894ffc1d67db1899fa43d4129281b3f1e2d06e299ac9055b8da013e
- SSDEEP
  
  196608:vgynrxTZ/xV6Kh0p6TKjdyR80llgwEgYEECfMdEH:vg4r5Z/xmrYgwEgYEEWMC
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2