124b517c087ac4c094924b1dd7bc6caac7c02ed2a03dc6f3eb2dc457d2599cba | Triage

Sharing

General

Target

vape_v4.11.zip
Size

18.6MB
Sample

240619-ssm8zaserg
MD5

92ba22fe6878e7438f5c75441c58958d
SHA1

73849b826a80d4f659ca77138f2423275b151114
SHA256

124b517c087ac4c094924b1dd7bc6caac7c02ed2a03dc6f3eb2dc457d2599cba
SHA512

89dbe6538a8d33e7bfbe7c5e87013a2025150e3dc7d656c5f94981dd24dfe0ff2b4ee2566695347970ede4402fabbb6127132cb0ca8b26e2f421686634bbbb99
SSDEEP

393216:J+IIILiSmmpOUNZNX4IuYP3ldCuSsMiJOmDPs2m8Cj:mF4X+YP3ldCuSgJOmDq3

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  vape_v4.11/vape v4.11/Bape Client.exe.lnk
- Size
  
  2KB
- MD5
  
  e140d1ee5ace09dfa36ef23b7a33dac6
- SHA1
  
  5c7a9d57bedd38b24195fe78e762dc3514b9c1ca
- SHA256
  
  6e5ba23cf455e644bc30ff9dd30362fc9316bba07f6aa6eed46d2c9c149c32d7
- SHA512
  
  373004c4dd757ec0f718ba4954ed1c460228694b2f90e2e68d06b33f9dc833187e14a6e8568bf17bdd81cf0b274396be56b06f2f2ef504be89642b74601c2a65
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  vape_v4.11/vape v4.11/DLLLoader64_AF73.exe
- Size
  
  88KB
- MD5
  
  3f567c4e0f721a09453e7c6993737ca5
- SHA1
  
  07e3277023b35ecbd937351a5d92941fff319123
- SHA256
  
  13bbd13a351f3c8bac18d12edb1952fd2feec628d94fbee27d8b03bd25bada9e
- SHA512
  
  691f8ba45a515467afff057aed3a6a2cad7c9e00e47021b7bbbefac2725fa860fa70cf1f64ff49b5b531de116bdfc44525a7049dc3cc198267c715f3d100e00d
- SSDEEP
  
  1536:6TdqUILCJLld5or1S+AZpAii5vlj7k58MYg0sW4dx8vZcyaEk672iD4:6TdDILCJLD5or1MpApJGYgr2ZuEk22z
Score

1^/10
behavioral3 behavioral4
- Target
  
  vape_v4.11/vape v4.11/Vape4DLL.dll
- Size
  
  5.0MB
- MD5
  
  6990d8eccbb8bbc6b5835ba7d94ffe4c
- SHA1
  
  48ca050052c5db2fe8861a9eadbf2d6689e924cd
- SHA256
  
  1634d50dc2263dff2305de904ddf903467a6edcc464a778fcf77e4ca8df8365f
- SHA512
  
  d41b89be7a35b3738c1518fd93b5f8ace6c69fea66ca33cfa38ebf22a9c27967b37f70e10e8afd59c171a72a0b4a087bce5ee022eb009a8f17e368df32559953
- SSDEEP
  
  98304:IIo/Y7mgTm05AwJHE6hnRVL6MgbscSEd17E7GV3td:INg7PAmkOvgoXYI7GVP
Score

1^/10
behavioral5 behavioral6
- Target
  
  vape_v4.11/vape v4.11/VrfsEcFwGf.exe
- Size
  
  322KB
- MD5
  
  b3804c46269ef2690eb70a75ef21cdc2
- SHA1
  
  47731b2198c07d82b68eaab2cb8b4e968f15f160
- SHA256
  
  294bfa9b30bd890eb2e7c633f9195d2723f5703117cc3928ce072a035ad7064e
- SHA512
  
  0eba88264a0b27e3c092064dd28f80c5e3b978177183953bbc5b27d186fd3883201943a6c96ff0b8039e281d955e7d62189d09724677833c641e013601e7529b
- SSDEEP
  
  6144:+BznSixfdeTyHpD50AxlkX66u45YflfA0gHMYWTd/Kea/VPiQp2nOPEaxHU:+gSdfjxmX6L458lfrY6wLn2Yg
Score

1^/10
behavioral7 behavioral8
- Target
  
  vape_v4.11/vape v4.11/bapeclient.bat
- Size
  
  277B
- MD5
  
  41031cbb365f5d6ab312230803bd7a27
- SHA1
  
  224a1a23407a580545397dc7381253c1e46ab0ae
- SHA256
  
  708afc76563f74ccb53d39a3a6c9454d6e111dffd977e5115f43b2c0d46e0c20
- SHA512
  
  65ddbb5c2bf5607d79e47ae4fcca5f791b556ac4b046b350bce98460c9761ac23afbf2c15433de7029f260952ead55e487d5f5d16b90c14c8674f394917ae739
Score

3^/10
behavioral10 behavioral9
- Target
  
  vape_v4.11/vape v4.11/startLoading.bat
- Size
  
  48B
- MD5
  
  e67302257bf54909bfea2e6df59fe7da
- SHA1
  
  7200410e10a226bfe354656a7a123c2bce5c7836
- SHA256
  
  36519eb1d6f09a45accef8148c6fec844824c27b2fed882577b88943a87a709a
- SHA512
  
  46a423624010d2d6e8d52ec06e213700dfb594c951d1efb5ee67aacee54b3b51b87b4a140a5931c416b5736098793b9a4bbc065b14d23435795fdd0aed647249
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  vape_v4.11/vape v4.11/test.bat
- Size
  
  16B
- MD5
  
  535273e942d737882ef716ad57ef4eed
- SHA1
  
  0c614dc7e17a1d8b64cf20faf840b7f93b91477f
- SHA256
  
  85d36555348bd93cd9195d1bfe0193bd4c3b272f78ced432f154d07f746a635f
- SHA512
  
  b3f90b615cfa55c2627fd784956037846b6dc10bcde1a6304e9f957b956a9dab9f1b95488bffd7e7d4bbe91f68e5635d6d36bc1d025ace0bece9d9feffe5fd94
Score

1^/10
behavioral13 behavioral14
- Target
  
  vape_v4.11/vape v4.11/vape-loader.jar
- Size
  
  5.7MB
- MD5
  
  942b440da0b181b775771d1543084f30
- SHA1
  
  666ac2ae1d22c0ad657d89e2074044d27b9caa18
- SHA256
  
  5fdcb68e0b267332bf806b1e465c0e55eb2b8140c932c2b8856de804c83f1a55
- SHA512
  
  41d05c4c12696a0c70c3640ba282154d5987cf66742999c5ecfdcfb66e62c4276c4a8afdc7f98211a195441184057b0ca9ed4a7526950987671db9f8b99214e6
- SSDEEP
  
  98304:CDbPd7m1KUTz0KPXX2jPlSS1i3oG7bMDtILXHdGE9EWaDMg0gzAmUnlJ5ruI+69P:2LpJUTN/oPES1i3oG0qJVGWmMgxzAn5L
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16