Overview
overview
9Static
static
7vape/Vape_...er.exe
windows7-x64
1vape/Vape_...er.exe
windows10-2004-x64
1vape/Vape_...oo.dll
windows7-x64
1vape/Vape_...oo.dll
windows10-2004-x64
1vape/Vape_...V4.exe
windows7-x64
9vape/Vape_...V4.exe
windows10-2004-x64
9vape/dumpe...ver.py
windows7-x64
3vape/dumpe...ver.py
windows10-2004-x64
3vape/requi...ll.bat
windows7-x64
1vape/requi...ll.bat
windows10-2004-x64
1vape/server run.bat
windows7-x64
1vape/server run.bat
windows10-2004-x64
1vape/server.py
windows7-x64
3vape/server.py
windows10-2004-x64
3General
-
Target
vape_1.rar
-
Size
12.1MB
-
Sample
240616-mn8q8atfpj
-
MD5
96d9a337c4a9b722cdf68b77e75bcbdf
-
SHA1
361e44d81211b4c7345262817fecda2a40848cd1
-
SHA256
5e490f3e7e0043f505cf2fad322359d3c307dc4557a638494c1e36fe2026a6e7
-
SHA512
8e37d7d5777e4038d7ca8b4ace5e3b604d0683b4e3bd05e993f0f8f2ee11fdf02a5bc74f21e4e78a6a7ce44d2e0fdbcb38b56cf76af75d467621303e6294d4da
-
SSDEEP
393216:7hU43PwvaK0W287tSyhrt7hkpOVIdQdE0Pcgb2ol51K:FU+GsbetSyhrIQMQNPfCoT4
Behavioral task
behavioral1
Sample
vape/Vape_V4/Kangaroo Patcher.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
vape/Vape_V4/Kangaroo Patcher.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
vape/Vape_V4/Kangaroo.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
vape/Vape_V4/Kangaroo.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
vape/Vape_V4/Vape_V4.exe
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
vape/Vape_V4/Vape_V4.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
vape/dumper/mitm_server.py
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
vape/dumper/mitm_server.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
vape/requirements install.bat
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
vape/requirements install.bat
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
vape/server run.bat
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
vape/server run.bat
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
vape/server.py
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
vape/server.py
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
vape/Vape_V4/Kangaroo Patcher.exe
-
Size
11KB
-
MD5
bf28450278273ab1c3ebdd4c98bc9222
-
SHA1
4eb8db0a3816a4d6a627a4fa9367b46c787968fe
-
SHA256
2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
-
SHA512
6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
-
SSDEEP
192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score1/10 -
-
-
Target
vape/Vape_V4/Kangaroo.dll
-
Size
37KB
-
MD5
d41ca753236e6cf92fc2994198b747f9
-
SHA1
1953f5a562d036ee82207c71d09e242e7cee7b1d
-
SHA256
0e6afbf35aacb45d7632fa4c262f7fa70bad762d1ade2f83cfdcf133c37f764b
-
SHA512
8eeaee9dab81bcfc14ba0d6efd6a73cbf87d6b62778f9badabb45714b520ebf2e60bdb7563b925f38d8ad42cb5efc41a0440747a2df653bc836bab67fbe39a14
-
SSDEEP
768:uvIDGix5UKUQ5Pscf6utGsBplZua/HOx:uADuKUWsNCBpxu
Score1/10 -
-
-
Target
vape/Vape_V4/Vape_V4.exe
-
Size
7.6MB
-
MD5
7407fd99ee1940051b4f543656ea9b0a
-
SHA1
7149b25db501b75111ac77fe4bcfe6915058757a
-
SHA256
bef628b23396d36849beac1bf633859d02f82ae9dc877281862b7e9e85148ecd
-
SHA512
804a257e128f54d5febaca7424f308403e092f773119075270b89d8721e9cc91e3b7adc402ad9a9fbb252b5af250745d2f6a34f523f30b1f08c212aea0e5b75d
-
SSDEEP
98304:g08oqEGSxQo0nYD20QB/2IuD4fb9e9z2FkZgFkrSyt85ZOnhAug8HrtqA:JnZr0YyG25eIFkKFFZ18H4A
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
vape/dumper/mitm_server.py
-
Size
4KB
-
MD5
fb2ea3294517bab463df4273e7c6bcd6
-
SHA1
1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
-
SHA256
bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
-
SHA512
ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
-
SSDEEP
96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score3/10 -
-
-
Target
vape/requirements install.bat
-
Size
31B
-
MD5
ed479ebacddedec77a46c27cc0e6a94d
-
SHA1
7b1855527317d0124ebeb726defa838d54e9b663
-
SHA256
f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
-
SHA512
41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score1/10 -
-
-
Target
vape/server run.bat
-
Size
16B
-
MD5
b50fc33edb46d785b84d969ac5fc6fad
-
SHA1
f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73
-
SHA256
7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c
-
SHA512
ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee
Score1/10 -
-
-
Target
vape/server.py
-
Size
31KB
-
MD5
491f1d7472b87b9416ac8399f8bf0aa7
-
SHA1
5883fb4c311c9ff998c3d612c4a96cd8b4af7a53
-
SHA256
161389d4ca6ef5a6e6c737fe57a6d8fb9b4200cb9cd35a429b52e0bf05778a73
-
SHA512
3ca1b8149299a9fc160445fec9a881955926a64745971b1ff59f15d705b118be4fd05abbc9e2ce9354feabc9f65d939cd0a94d7f58c52a91588a0e174cc180e4
-
SSDEEP
384:kix6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6m1:kif2MS6kAfukNcAV
Score3/10 -