Resubmissions

01/06/2024, 15:31

240601-syd79agc62 7

01/06/2024, 15:28

240601-swj1qagb97 7

General

  • Target

    Vape.exe

  • Size

    13.0MB

  • Sample

    240601-syd79agc62

  • MD5

    5b525fc5cbb9785132a3ddd4aa9f1c27

  • SHA1

    7b3740ddd6046bb6f5ce2048f9d7efa8aaa6694b

  • SHA256

    ebe6d756efea7783a500447c1faf7da72c656a88883762ce4ddddd66c838bc15

  • SHA512

    2ae78cdad1f7ee10ad371e5c0ec5fbcd7851ab431b5dd3f9ccd6ac3a488a198187c665e5681f09cae085acf9fc99bc52e6c9a28aec54f708bac52831b2da0bb9

  • SSDEEP

    393216:slemhgHkOdPvPRW9OWFZsCwj4GpibRBe1:g1gHkOdPhwBwnoXe

Targets

    • Target

      Vape.exe

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
