General
Target: Vape_v4.12_Remaker.rar
Size: 17.7MB
Sample: 240529-wd5q9acc7w
MD5: 9a288a53e3edbd5bfa0dc9297e2283ce
SHA1: c2dfcf3d11859ffbe3165512ca1f3e4a52df3af4
SHA256: 1333c0a3fefc33c9a618bb51b210a493a5a17563e9b0a15161fcfb0bec8b4950
SHA512: e46416f6ca027581d5683cbdecaa0b137880046bc72213691bf38feb89822d905a6ddff2733067cf82dc254afbc836f191ec147e641025be484d779e661ab53c
SSDEEP: 393216:X9bmLgsMt2PfQi5S83/uP5Z8EqccGNGZtSlNm+PR8XkJ/e:X9fhYf75xGBSJzZtSzmwR8Y2
Behavioral task: behavioral1
Sample: Vape_v4.12_Remaker/Vape V4.12.4.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: Vape_v4.12_Remaker/Vape V4.12.4.exe
Resource: win11-20240508-en

Behavioral task: behavioral3
Sample: Vape_v4.12_Remaker/host.bat
Resource: win10v2004-20240426-en

Behavioral task: behavioral4
Sample: Vape_v4.12_Remaker/host.bat
Resource: win11-20240426-en

Behavioral task: behavioral5
Sample: Vape_v4.12_Remaker/inject.dll
Resource: win10v2004-20240426-en

Behavioral task: behavioral6
Sample: Vape_v4.12_Remaker/inject.dll
Resource: win11-20240508-en
Malware Config

Targets

Target: Vape_v4.12_Remaker/Vape V4.12.4.exe
Size: 82.0MB
MD5: 84f483b4a9da550ce0e403d3c1731a88
SHA1: 3ec776411e38cedd54c93ad228f4e981bb2f6757
SHA256: 83fd9c5bec332c4082fd58c1219dc84cc3a414817bcae3131ce07679e3e341f1
SHA512: 1da649c2ae75752174c6d9437b79e0654ed7ad3c41e72de86e6926053292fb9f657055e988feebdcd6f9f346883ee491b457bbad4a47e2f73692e627bb26f144
SSDEEP: 393216:gjAPfF3dNPVrCEDLQzH2ciIrHW4H//o3+d76O1g+zXew:8AjrCEDLQzkIL7/w677g+zOw
Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Modifies Windows Firewall
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: Vape_v4.12_Remaker/host.bat
Size: 212B
MD5: 45e402e32c7fabf579c3a048396ca270
SHA1: 18950dc60c913a0a7b098cbd55d2bf3087d2447a
SHA256: 9d87e71946d492dc878fdda9ce8693b820dcab116d52b60e429eff37c1b8b707
SHA512: b286685f1efd07ade19876c522dd01d47ce9ef6b49da920f96163687e6728cf82f3d21d358029f3f1fe738a524711b6caf71a2ff789c52ef44b28104ed09f916
Score: 1/10

Target: Vape_v4.12_Remaker/inject.dll
Size: 5.0MB
MD5: 6990d8eccbb8bbc6b5835ba7d94ffe4c
SHA1: 48ca050052c5db2fe8861a9eadbf2d6689e924cd
SHA256: 1634d50dc2263dff2305de904ddf903467a6edcc464a778fcf77e4ca8df8365f
SHA512: d41b89be7a35b3738c1518fd93b5f8ace6c69fea66ca33cfa38ebf22a9c27967b37f70e10e8afd59c171a72a0b4a087bce5ee022eb009a8f17e368df32559953
SSDEEP: 98304:IIo/Y7mgTm05AwJHE6hnRVL6MgbscSEd17E7GV3td:INg7PAmkOvgoXYI7GVP
Score: 1/10