General

  • Target

    vape_1.rar

  • Size

    12.1MB

  • Sample

    240616-mn8q8atfpj

  • MD5

    96d9a337c4a9b722cdf68b77e75bcbdf

  • SHA1

    361e44d81211b4c7345262817fecda2a40848cd1

  • SHA256

    5e490f3e7e0043f505cf2fad322359d3c307dc4557a638494c1e36fe2026a6e7

  • SHA512

    8e37d7d5777e4038d7ca8b4ace5e3b604d0683b4e3bd05e993f0f8f2ee11fdf02a5bc74f21e4e78a6a7ce44d2e0fdbcb38b56cf76af75d467621303e6294d4da

  • SSDEEP

    393216:7hU43PwvaK0W287tSyhrt7hkpOVIdQdE0Pcgb2ol51K:FU+GsbetSyhrIQMQNPfCoT4

Malware Config

Targets

    • Target

      vape/Vape_V4/Kangaroo Patcher.exe

    • Size

      11KB

    • MD5

      bf28450278273ab1c3ebdd4c98bc9222

    • SHA1

      4eb8db0a3816a4d6a627a4fa9367b46c787968fe

    • SHA256

      2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500

    • SHA512

      6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573

    • SSDEEP

      192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su

    Score
    1/10
    • Target

      vape/Vape_V4/Kangaroo.dll

    • Size

      37KB

    • MD5

      d41ca753236e6cf92fc2994198b747f9

    • SHA1

      1953f5a562d036ee82207c71d09e242e7cee7b1d

    • SHA256

      0e6afbf35aacb45d7632fa4c262f7fa70bad762d1ade2f83cfdcf133c37f764b

    • SHA512

      8eeaee9dab81bcfc14ba0d6efd6a73cbf87d6b62778f9badabb45714b520ebf2e60bdb7563b925f38d8ad42cb5efc41a0440747a2df653bc836bab67fbe39a14

    • SSDEEP

      768:uvIDGix5UKUQ5Pscf6utGsBplZua/HOx:uADuKUWsNCBpxu

    Score
    1/10
    • Target

      vape/Vape_V4/Vape_V4.exe

    • Size

      7.6MB

    • MD5

      7407fd99ee1940051b4f543656ea9b0a

    • SHA1

      7149b25db501b75111ac77fe4bcfe6915058757a

    • SHA256

      bef628b23396d36849beac1bf633859d02f82ae9dc877281862b7e9e85148ecd

    • SHA512

      804a257e128f54d5febaca7424f308403e092f773119075270b89d8721e9cc91e3b7adc402ad9a9fbb252b5af250745d2f6a34f523f30b1f08c212aea0e5b75d

    • SSDEEP

      98304:g08oqEGSxQo0nYD20QB/2IuD4fb9e9z2FkZgFkrSyt85ZOnhAug8HrtqA:JnZr0YyG25eIFkKFFZ18H4A

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      vape/dumper/mitm_server.py

    • Size

      4KB

    • MD5

      fb2ea3294517bab463df4273e7c6bcd6

    • SHA1

      1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546

    • SHA256

      bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7

    • SHA512

      ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7

    • SSDEEP

      96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84

    Score
    3/10
    • Target

      vape/requirements install.bat

    • Size

      31B

    • MD5

      ed479ebacddedec77a46c27cc0e6a94d

    • SHA1

      7b1855527317d0124ebeb726defa838d54e9b663

    • SHA256

      f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc

    • SHA512

      41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda

    Score
    1/10
    • Target

      vape/server run.bat

    • Size

      16B

    • MD5

      b50fc33edb46d785b84d969ac5fc6fad

    • SHA1

      f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73

    • SHA256

      7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c

    • SHA512

      ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee

    Score
    1/10
    • Target

      vape/server.py

    • Size

      31KB

    • MD5

      491f1d7472b87b9416ac8399f8bf0aa7

    • SHA1

      5883fb4c311c9ff998c3d612c4a96cd8b4af7a53

    • SHA256

      161389d4ca6ef5a6e6c737fe57a6d8fb9b4200cb9cd35a429b52e0bf05778a73

    • SHA512

      3ca1b8149299a9fc160445fec9a881955926a64745971b1ff59f15d705b118be4fd05abbc9e2ce9354feabc9f65d939cd0a94d7f58c52a91588a0e174cc180e4

    • SSDEEP

      384:kix6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6m1:kif2MS6kAfukNcAV

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks