2a351bacef7d126d951da19494850b586ab4adab923ac41cd042d7ea2e6a4332 | Triage

Sharing

General

Target

Vape_Lite.rar
Size

27.7MB
Sample

240522-z79tvahb9v
MD5

846a39ea775916c0838e4352bf8b957d
SHA1

255ebf18bb667e2076b50a9641d540456a582607
SHA256

2a351bacef7d126d951da19494850b586ab4adab923ac41cd042d7ea2e6a4332
SHA512

d70e1458b711a6ed720e7a939a19ae438b9f775fc5913a0849607c2b04b3ee08b2a05efb66d284b09fe8141c0caff873ac479e30a3ef3ed10202b019e8dea55c
SSDEEP

786432:kU+GsbeASyhr/o/gTqwpFcxRapgUrGsbeISyhr7TmgTqwpFcxRapI:xCD5J/u2FWu9lb5J7q2FWuI

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  vape lite (fixed crack)/vape lite fixed/Dump0
- Size
  
  1012KB
- MD5
  
  03c1364f72d0d82516488f38d71e5f8e
- SHA1
  
  b0e7e5386792ad847f1bfa7a665eb84fe3ca2226
- SHA256
  
  610e11480fa719e99349c2f1cc1c341d7536410126ff98ba1d818afa710c5354
- SHA512
  
  6d3b8bc968f7ed9a8b4f3a9a7b509587c7a76e22d8bea76588c9c59dbd576ab9bda99eea0af4355c0e3c9c64591eef1de103a4b7d7a67eed86e526c3ada298d0
- SSDEEP
  
  24576:cSgV8bpRJLXZI94h9Pnj3lRJUt2FDvKBS/x72G6KiiQI2kfO:cCBm4hd3lW2F0SZqG4xE2
Score

1^/10
behavioral1 behavioral2
- Target
  
  vape lite (fixed crack)/vape lite fixed/Dump2
- Size
  
  923KB
- MD5
  
  ad06977e60ae9625e6c59e67e8a662c8
- SHA1
  
  85190907bd6cea7af2b4cd173bd43650ad21c6b7
- SHA256
  
  59a95e9499f9c6cd54ec4cdc283d1638a11c3f68d23c689407b0c2f04c66ec7f
- SHA512
  
  c6e5a5cc94b3dd2d64cf5d71bf2b3990de14572433bf1a922b0b09465c733e4591b7cb6c80fc7e2e1a19cff0596415635077e9657cda51725dbe75adce80be6a
- SSDEEP
  
  24576:j7PLXCoAUP6HpAZNuIhALdxR445Atfw9w50rdv:j7DXCoAUPAArN2645SdEv
Score

1^/10
behavioral3 behavioral4
- Target
  
  vape lite (fixed crack)/vape lite fixed/Python Numpy Installer.bat
- Size
  
  217B
- MD5
  
  729e49be9aa9c748047d23b892885009
- SHA1
  
  7e6646b4a44085694ae8d2b27f6369874bae51c9
- SHA256
  
  9307f0dea15d0608a870ba75137e9bebe9633a8e2c7fb5720e4d715bd7b2d730
- SHA512
  
  46de0fcd49af3a1094f52374df0baf1970d0857fa5617900000a1dd4946b093d7326aaf1df883dc2a4e7a4c6451843a57fc5e842e4abb843fadf8182d7d69e5c
Score

1^/10
behavioral5 behavioral6
- Target
  
  vape lite (fixed crack)/vape lite fixed/Python PIPs Installer.bat
- Size
  
  223B
- MD5
  
  70c0fa461015c7341d0d8b2ff4a4bdbd
- SHA1
  
  e223294f552f9effc6408d58357fa4b53d2d222c
- SHA256
  
  f137d19fad6043d90b7db03346f1021b10d719eb1961d76e9f32cc5584fe0153
- SHA512
  
  ad3261cae10fd967a76e09ef3cf0ed02b238c217626a6cf9fc338c11ee199484b5b0dcac0e3dc515f223a4e8c28b25d1b46a1a5ec0d4d63345165aa956a5f9cd
Score

1^/10
behavioral7 behavioral8
- Target
  
  vape lite (fixed crack)/vape lite fixed/Server.py
- Size
  
  31KB
- MD5
  
  a6b6abf1c1f9311777c45032226b4824
- SHA1
  
  3a7fa299b407e2564dc117d78ef4a3916c9c2274
- SHA256
  
  c794727f4c282e15d86356f1eb67196fea0cc208ed1fd60358bef6cb99d52843
- SHA512
  
  c462e769f53fc82ab0b62c3ef45bf7525be13610e0535abe2175ee55f7602447d2c76e9504d0127309d6c2f760fd87997696b14d18f2f82d05dd78a938748be0
- SSDEEP
  
  384:kvWx6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6mM:kOf2MS6kAfukNcAs
Score

3^/10
behavioral10 behavioral9
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo Patcher.exe
- Size
  
  11KB
- MD5
  
  bf28450278273ab1c3ebdd4c98bc9222
- SHA1
  
  4eb8db0a3816a4d6a627a4fa9367b46c787968fe
- SHA256
  
  2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
- SHA512
  
  6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
- SSDEEP
  
  192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score

1^/10
behavioral11 behavioral12
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo.dll
- Size
  
  37KB
- MD5
  
  0202563145fb353f35c915cdbe5474f8
- SHA1
  
  01b1ea50745a3824e68330b0339a44e27c9068e9
- SHA256
  
  5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
- SHA512
  
  8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
- SSDEEP
  
  768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
Score

1^/10
behavioral13 behavioral14
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Vape_Lite.exe
- Size
  
  6.6MB
- MD5
  
  3459f3a3d65fa445d1eb52611ac55f6c
- SHA1
  
  135c835edfeec60e41bc1b24f1a10ad7a86c9a00
- SHA256
  
  9c85d76526d585038392e1af504886580d096e9646de2907b73feab521920944
- SHA512
  
  1dbf42476304cefd859754f1d8219c0b37cc5b2885527f874245a37df5e1145dbcc1ff1ce34bdf0fa47df8a503e37244ff07a37bb92e8f2514533d8a89926d8b
- SSDEEP
  
  98304:MsRRwjPcDZ3IFTbWJ6tWUQSPZyq2XOD6gwosVvC8pQ6TYupGFBUMnEB:MsRKjkNcyDVSROtgwJVvHjTrUIMni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  vape lite (fixed crack)/vape lite fixed/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral17 behavioral18
- Target
  
  vape lite/Dump2
- Size
  
  923KB
- MD5
  
  ad06977e60ae9625e6c59e67e8a662c8
- SHA1
  
  85190907bd6cea7af2b4cd173bd43650ad21c6b7
- SHA256
  
  59a95e9499f9c6cd54ec4cdc283d1638a11c3f68d23c689407b0c2f04c66ec7f
- SHA512
  
  c6e5a5cc94b3dd2d64cf5d71bf2b3990de14572433bf1a922b0b09465c733e4591b7cb6c80fc7e2e1a19cff0596415635077e9657cda51725dbe75adce80be6a
- SSDEEP
  
  24576:j7PLXCoAUP6HpAZNuIhALdxR445Atfw9w50rdv:j7DXCoAUPAArN2645SdEv
Score

1^/10
behavioral19 behavioral20
- Target
  
  vape lite/Vape Lite/Kangaroo Patcher.exe
- Size
  
  11KB
- MD5
  
  bf28450278273ab1c3ebdd4c98bc9222
- SHA1
  
  4eb8db0a3816a4d6a627a4fa9367b46c787968fe
- SHA256
  
  2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
- SHA512
  
  6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
- SSDEEP
  
  192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score

1^/10
behavioral21 behavioral22
- Target
  
  vape lite/Vape Lite/Kangaroo.dll
- Size
  
  37KB
- MD5
  
  0202563145fb353f35c915cdbe5474f8
- SHA1
  
  01b1ea50745a3824e68330b0339a44e27c9068e9
- SHA256
  
  5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
- SHA512
  
  8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
- SSDEEP
  
  768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
Score

1^/10
behavioral23 behavioral24
- Target
  
  vape lite/Vape Lite/Vape_Lite.exe
- Size
  
  6.6MB
- MD5
  
  3459f3a3d65fa445d1eb52611ac55f6c
- SHA1
  
  135c835edfeec60e41bc1b24f1a10ad7a86c9a00
- SHA256
  
  9c85d76526d585038392e1af504886580d096e9646de2907b73feab521920944
- SHA512
  
  1dbf42476304cefd859754f1d8219c0b37cc5b2885527f874245a37df5e1145dbcc1ff1ce34bdf0fa47df8a503e37244ff07a37bb92e8f2514533d8a89926d8b
- SSDEEP
  
  98304:MsRRwjPcDZ3IFTbWJ6tWUQSPZyq2XOD6gwosVvC8pQ6TYupGFBUMnEB:MsRKjkNcyDVSROtgwJVvHjTrUIMni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral25 behavioral26
- Target
  
  vape lite/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral27 behavioral28
- Target
  
  vape lite/requirements install.bat
- Size
  
  31B
- MD5
  
  ed479ebacddedec77a46c27cc0e6a94d
- SHA1
  
  7b1855527317d0124ebeb726defa838d54e9b663
- SHA256
  
  f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
- SHA512
  
  41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score

1^/10
behavioral29 behavioral30
- Target
  
  vape lite/server run.bat
- Size
  
  16B
- MD5
  
  b50fc33edb46d785b84d969ac5fc6fad
- SHA1
  
  f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73
- SHA256
  
  7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c
- SHA512
  
  ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

evasionthemidatrojan

behavioral16

evasionthemidatrojan

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

evasionthemidatrojan

behavioral26

evasionthemidatrojan

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32