General

  • Target

    VapeV4.zip

  • Size

    60.0MB

  • Sample

    240511-f3h1saad46

  • MD5

    95aedd7414b383ed9207896be96abf6c

  • SHA1

    9868bd4f5ca22b979ab8315306df40aa2b1a5ac1

  • SHA256

    2f59d7e5e47ae34b47b80d35cabcb64b156c96be58c3a4af8933a3e2fc4e06f9

  • SHA512

    7b084f47bbea5658f97b6587a0136dc1fda22b7c423ca4e3783f9c9e9e08d6b4f536150361414050b2bb0beb981c8ac557f54503bbe0026cf5f4878f32a18653

  • SSDEEP

    1572864:y4NfTG8zT9GFAV3ce8Ywqlk8blpcotTV8VJyP78KVQq9:y4dPHIFyVKrv6YKKq9

Targets

    • Target

      VapeV4/Vape Launcher.exe

    • Size

      60.0MB

    • MD5

      06f5e5c7664b2a7722ab7ece37ba9c91

    • SHA1

      e868ee80c5408d720793f9bf43e8d2e31c4f9aff

    • SHA256

      a3defec2912ae679020714ef9be85775b4a5fd31be643f29258752b75eb918aa

    • SHA512

      23f2a79bce0f816c97673a6f985615edfa7eca704a0155ff1137107564f2f4fa4547f2ba09b7dbba79537f1cd825019543b9d8a00f0743cec55ee85060adbcc8

    • SSDEEP

      1572864:6HNfIc/bDS7YL3iUqekIR681ttq+NDVK3ZiFx4mdSG:6Zzz+7stopJwCmIG

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • Nirsoft

    • RevengeRat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution
