General

  • Target

    VapeClientV4.jar

  • Size

    3.1MB

  • Sample

    240528-adlsgsgc38

  • MD5

    1616e1fecf7e9c204906e5e084f2b811

  • SHA1

    138d8d6ef90147a77b0db1523d968ebd19520ffa

  • SHA256

    3aa4340a89ef2af875654fc5a3658ff7af9b44acca7fd2fac6e71660689888c5

  • SHA512

    4fa42411b681cf11cfc9ef8928d01e49dcbb21ec4fc27d35caecaf6a426740bad21bd70d9e7fd6ad8c057d22dbc4ff9edfc2a8d3961004282a58f592b39de429

  • SSDEEP

    98304:DmVE3gfDfndOgR8clG+RZGliA03/GEpDodEgB:DmkgDQqGyEZ0+0opB

Targets

    • Modifies file permissions

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
