General

  • Target

    Vape_v4.12_Remaker.rar

  • Size

    17.7MB

  • Sample

    240529-v9xvvach52

  • MD5

    9a288a53e3edbd5bfa0dc9297e2283ce

  • SHA1

    c2dfcf3d11859ffbe3165512ca1f3e4a52df3af4

  • SHA256

    1333c0a3fefc33c9a618bb51b210a493a5a17563e9b0a15161fcfb0bec8b4950

  • SHA512

    e46416f6ca027581d5683cbdecaa0b137880046bc72213691bf38feb89822d905a6ddff2733067cf82dc254afbc836f191ec147e641025be484d779e661ab53c

  • SSDEEP

    393216:X9bmLgsMt2PfQi5S83/uP5Z8EqccGNGZtSlNm+PR8XkJ/e:X9fhYf75xGBSJzZtSzmwR8Y2

Malware Config

Targets

    • Target

      Vape_v4.12_Remaker/Vape V4.12.4.exe

    • Size

      82.0MB

    • MD5

      84f483b4a9da550ce0e403d3c1731a88

    • SHA1

      3ec776411e38cedd54c93ad228f4e981bb2f6757

    • SHA256

      83fd9c5bec332c4082fd58c1219dc84cc3a414817bcae3131ce07679e3e341f1

    • SHA512

      1da649c2ae75752174c6d9437b79e0654ed7ad3c41e72de86e6926053292fb9f657055e988feebdcd6f9f346883ee491b457bbad4a47e2f73692e627bb26f144

    • SSDEEP

      393216:gjAPfF3dNPVrCEDLQzH2ciIrHW4H//o3+d76O1g+zXew:8AjrCEDLQzkIL7/w677g+zOw

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths and processes, which keeps the payload and its dropped components out of real-time scanning.

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP lookup web service to determine the infected host's external IP address.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
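
    As an added example (not part of this report or the sandbox's own tooling), the following Python script matches constructed Windows log lines against three of the behaviours listed above for Vape V4.12.4.exe: Defender exclusion tampering via PowerShell, firewall changes, and external IP lookups. The event sources, process names, paths, rule names and the list of IP-lookup hosts are assumptions; the report does not say which service or which cmdlets the sample used.

```python
import re

# Constructed sample events: (source, process, payload). The sources stand in for
# Microsoft-Windows-PowerShell/Operational 4104 (script block text), Security 4688 /
# Sysmon 1 (command lines) and DNS query logs; the paths and rule names are made up.
SAMPLE_EVENTS = [
    ("ps_4104", "powershell.exe",
     "Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\Vape' "
     "-ExclusionExtension 'exe','dll' -ExclusionProcess 'Vape V4.12.4.exe'"),
    ("cmdline_4688", "cmd.exe",
     'netsh advfirewall firewall add rule name="Vape" dir=in action=allow '
     'program="C:\\Users\\Public\\Vape\\Vape V4.12.4.exe"'),
    ("dns", "Vape V4.12.4.exe", "api.ipify.org"),
    ("ps_4104", "powershell.exe", "Get-Process | Where-Object { $_.CPU -gt 10 }"),
    ("dns", "chrome.exe", "www.example.com"),
]

# Assumption: widely used external-IP lookup hosts. The report does not name the
# service the sample contacted, so treat this list as a starting point, not a fact.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "ip-api.com", "checkip.amazonaws.com", "api.myip.com",
}

# Add-/Set-MpPreference with any -Exclusion* parameter (extension, path or process).
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.I | re.S)
# netsh advfirewall or the NetSecurity cmdlets that change firewall rules/profiles.
FIREWALL_CHANGE = re.compile(
    r"\bnetsh\b.*\badvfirewall\b|\b(?:New|Set|Remove)-NetFirewall(?:Rule|Profile)\b",
    re.I)
# One -Exclusion<Kind> parameter followed by a comma-separated list of quoted or
# bare values, stopping before the next parameter.
EXCLUSION_ARG = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+"
    r"((?:'[^']*'|\"[^\"]*\"|[^\s,]+)(?:\s*,\s*(?:'[^']*'|\"[^\"]*\"|[^\s,]+))*)",
    re.I)
VALUE_TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|[^\s,]+")


def parse_mp_exclusions(command):
    """Return {'Path': [...], 'Extension': [...], 'Process': [...]} for an
    Add-/Set-MpPreference command so the analyst sees exactly what was excluded."""
    found = {}
    for kind, raw in EXCLUSION_ARG.findall(command):
        values = [tok.strip("'\"") for tok in VALUE_TOKEN.findall(raw)]
        found.setdefault(kind.capitalize(), []).extend(values)
    return found


def triage(events):
    """Map each event to a behaviour label from the report; returns a list of
    (label, process, evidence) tuples in event order."""
    findings = []
    for source, process, payload in events:
        if source in ("ps_4104", "cmdline_4688"):
            if DEFENDER_EXCLUSION.search(payload):
                findings.append(("defender_exclusion_added", process,
                                 parse_mp_exclusions(payload)))
            if FIREWALL_CHANGE.search(payload):
                findings.append(("firewall_modified", process, payload))
        elif source == "dns":
            if payload.lower().rstrip(".") in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", process, payload))
    return findings


if __name__ == "__main__":
    for label, process, evidence in triage(SAMPLE_EVENTS):
        print(f"{label:26} {process:20} {evidence}")
```

    The exclusion parser is the part worth keeping: an alert that says "Defender exclusion added" is far less actionable than one that lists the excluded path, extensions and process name, which can then be cross-checked against the dropped-file list in this report. Script block logging (event 4104) must be enabled for the PowerShell text to be available at all.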

    • Target

      Vape_v4.12_Remaker/host.bat

    • Size

      212B

    • MD5

      45e402e32c7fabf579c3a048396ca270

    • SHA1

      18950dc60c913a0a7b098cbd55d2bf3087d2447a

    • SHA256

      9d87e71946d492dc878fdda9ce8693b820dcab116d52b60e429eff37c1b8b707

    • SHA512

      b286685f1efd07ade19876c522dd01d47ce9ef6b49da920f96163687e6728cf82f3d21d358029f3f1fe738a524711b6caf71a2ff789c52ef44b28104ed09f916

    Score
    1/10

    • Target

      Vape_v4.12_Remaker/inject.dll

    • Size

      5.0MB

    • MD5

      6990d8eccbb8bbc6b5835ba7d94ffe4c

    • SHA1

      48ca050052c5db2fe8861a9eadbf2d6689e924cd

    • SHA256

      1634d50dc2263dff2305de904ddf903467a6edcc464a778fcf77e4ca8df8365f

    • SHA512

      d41b89be7a35b3738c1518fd93b5f8ace6c69fea66ca33cfa38ebf22a9c27967b37f70e10e8afd59c171a72a0b4a087bce5ee022eb009a8f17e368df32559953

    • SSDEEP

      98304:IIo/Y7mgTm05AwJHE6hnRVL6MgbscSEd17E7GV3td:INg7PAmkOvgoXYI7GVP

    Score
    1/10

MITRE ATT&CK Enterprise v15