68c622f3d89062313fdaf3069a49dc136d8e92ac5b1fc9fc66f5c1d2594a6243 | Triage

Sharing

General

Target

Vape Lite.zip
Size

27.7MB
Sample

240711-zvtbbstfjj
MD5

9209ee989d7cf96207e1d05c46778d9a
SHA1

8818999916d40325cb2e2e136675072415332ad9
SHA256

68c622f3d89062313fdaf3069a49dc136d8e92ac5b1fc9fc66f5c1d2594a6243
SHA512

e6fd9b99e76a4de7923dcb13206471299efe9667e1b78b719a5e39293d43fe0b712b6fc5255a34c4637fbd47a0b2e4da148f4035cc9175dbc8fb438d210babbc
SSDEEP

786432:TU+GsbeASyhr/o/gTqwpFcxRapgUrGsbeISyhr7TmgTqwpFcxRap9:gCD5J/u2FWu9lb5J7q2FWu9

Score

9^/10

evasion themida trojan

Malware Config

Targets

- Target
  
  vape lite (fixed crack)/vape lite fixed/Python Numpy Installer.bat
- Size
  
  217B
- MD5
  
  729e49be9aa9c748047d23b892885009
- SHA1
  
  7e6646b4a44085694ae8d2b27f6369874bae51c9
- SHA256
  
  9307f0dea15d0608a870ba75137e9bebe9633a8e2c7fb5720e4d715bd7b2d730
- SHA512
  
  46de0fcd49af3a1094f52374df0baf1970d0857fa5617900000a1dd4946b093d7326aaf1df883dc2a4e7a4c6451843a57fc5e842e4abb843fadf8182d7d69e5c
Score

1^/10
behavioral1 behavioral2
- Target
  
  vape lite (fixed crack)/vape lite fixed/Python PIPs Installer.bat
- Size
  
  223B
- MD5
  
  70c0fa461015c7341d0d8b2ff4a4bdbd
- SHA1
  
  e223294f552f9effc6408d58357fa4b53d2d222c
- SHA256
  
  f137d19fad6043d90b7db03346f1021b10d719eb1961d76e9f32cc5584fe0153
- SHA512
  
  ad3261cae10fd967a76e09ef3cf0ed02b238c217626a6cf9fc338c11ee199484b5b0dcac0e3dc515f223a4e8c28b25d1b46a1a5ec0d4d63345165aa956a5f9cd
Score

1^/10
behavioral3 behavioral4
- Target
  
  vape lite (fixed crack)/vape lite fixed/Server.py
- Size
  
  31KB
- MD5
  
  a6b6abf1c1f9311777c45032226b4824
- SHA1
  
  3a7fa299b407e2564dc117d78ef4a3916c9c2274
- SHA256
  
  c794727f4c282e15d86356f1eb67196fea0cc208ed1fd60358bef6cb99d52843
- SHA512
  
  c462e769f53fc82ab0b62c3ef45bf7525be13610e0535abe2175ee55f7602447d2c76e9504d0127309d6c2f760fd87997696b14d18f2f82d05dd78a938748be0
- SSDEEP
  
  384:kvWx6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6mM:kOf2MS6kAfukNcAs
Score

3^/10
behavioral5 behavioral6
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo Patcher.exe
- Size
  
  11KB
- MD5
  
  bf28450278273ab1c3ebdd4c98bc9222
- SHA1
  
  4eb8db0a3816a4d6a627a4fa9367b46c787968fe
- SHA256
  
  2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
- SHA512
  
  6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
- SSDEEP
  
  192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score

1^/10
behavioral7 behavioral8
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Kangaroo.dll
- Size
  
  37KB
- MD5
  
  0202563145fb353f35c915cdbe5474f8
- SHA1
  
  01b1ea50745a3824e68330b0339a44e27c9068e9
- SHA256
  
  5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
- SHA512
  
  8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
- SSDEEP
  
  768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
Score

1^/10
behavioral10 behavioral9
- Target
  
  vape lite (fixed crack)/vape lite fixed/Vape Lite/Vape_Lite.exe
- Size
  
  6.6MB
- MD5
  
  3459f3a3d65fa445d1eb52611ac55f6c
- SHA1
  
  135c835edfeec60e41bc1b24f1a10ad7a86c9a00
- SHA256
  
  9c85d76526d585038392e1af504886580d096e9646de2907b73feab521920944
- SHA512
  
  1dbf42476304cefd859754f1d8219c0b37cc5b2885527f874245a37df5e1145dbcc1ff1ce34bdf0fa47df8a503e37244ff07a37bb92e8f2514533d8a89926d8b
- SSDEEP
  
  98304:MsRRwjPcDZ3IFTbWJ6tWUQSPZyq2XOD6gwosVvC8pQ6TYupGFBUMnEB:MsRKjkNcyDVSROtgwJVvHjTrUIMni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  vape lite (fixed crack)/vape lite fixed/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral13 behavioral14
- Target
  
  vape lite/Vape Lite/Kangaroo Patcher.exe
- Size
  
  11KB
- MD5
  
  bf28450278273ab1c3ebdd4c98bc9222
- SHA1
  
  4eb8db0a3816a4d6a627a4fa9367b46c787968fe
- SHA256
  
  2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
- SHA512
  
  6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
- SSDEEP
  
  192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
Score

1^/10
behavioral15 behavioral16
- Target
  
  vape lite/Vape Lite/Kangaroo.dll
- Size
  
  37KB
- MD5
  
  0202563145fb353f35c915cdbe5474f8
- SHA1
  
  01b1ea50745a3824e68330b0339a44e27c9068e9
- SHA256
  
  5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
- SHA512
  
  8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
- SSDEEP
  
  768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
Score

1^/10
behavioral17 behavioral18
- Target
  
  vape lite/Vape Lite/Vape_Lite.exe
- Size
  
  6.6MB
- MD5
  
  3459f3a3d65fa445d1eb52611ac55f6c
- SHA1
  
  135c835edfeec60e41bc1b24f1a10ad7a86c9a00
- SHA256
  
  9c85d76526d585038392e1af504886580d096e9646de2907b73feab521920944
- SHA512
  
  1dbf42476304cefd859754f1d8219c0b37cc5b2885527f874245a37df5e1145dbcc1ff1ce34bdf0fa47df8a503e37244ff07a37bb92e8f2514533d8a89926d8b
- SSDEEP
  
  98304:MsRRwjPcDZ3IFTbWJ6tWUQSPZyq2XOD6gwosVvC8pQ6TYupGFBUMnEB:MsRKjkNcyDVSROtgwJVvHjTrUIMni
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral19 behavioral20
- Target
  
  vape lite/dumper/mitm_server.py
- Size
  
  4KB
- MD5
  
  fb2ea3294517bab463df4273e7c6bcd6
- SHA1
  
  1a5eb75bff26c1d8a8cfefa57a8ea7fe366b7546
- SHA256
  
  bc130c050da31bc55f7d6aa1c7a7e0817f289fa0eaf72ffa253cbaa10c45aff7
- SHA512
  
  ef56b9000dca93f34a5badb94299f27cd0cca267decf9c99b60dfe7b60d5df748900da7a422882a80f0a26a552bcb0588298096aa56d80c2026e190da862dfa7
- SSDEEP
  
  96:I5kbEiPPT7JDOKVyqOeyJCA1B5FE9pWbWCGkBRP4:I5niPPT7JDP+eyJt1XFErWs84
Score

3^/10
behavioral21 behavioral22
- Target
  
  vape lite/requirements install.bat
- Size
  
  31B
- MD5
  
  ed479ebacddedec77a46c27cc0e6a94d
- SHA1
  
  7b1855527317d0124ebeb726defa838d54e9b663
- SHA256
  
  f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
- SHA512
  
  41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score

1^/10
behavioral23 behavioral24
- Target
  
  vape lite/server run.bat
- Size
  
  16B
- MD5
  
  b50fc33edb46d785b84d969ac5fc6fad
- SHA1
  
  f8c6fa1c7cbcddaa5aa7c0df662bca49da6b6b73
- SHA256
  
  7cc34ebdac143b58db7e4ac37640b2d2329f1d73ce0bbf35e04f8e0df34d448c
- SHA512
  
  ab38c0269894eb6d79096e4f9e0b9ecfed6cec0bba30731030ffdea0b8712ca14946b65f38cc5e2ee753affbb5b1e242d27bea79e4dd92e3613b508d97354eee
Score

1^/10
behavioral25 behavioral26
- Target
  
  vape lite/server.py
- Size
  
  31KB
- MD5
  
  491f1d7472b87b9416ac8399f8bf0aa7
- SHA1
  
  5883fb4c311c9ff998c3d612c4a96cd8b4af7a53
- SHA256
  
  161389d4ca6ef5a6e6c737fe57a6d8fb9b4200cb9cd35a429b52e0bf05778a73
- SHA512
  
  3ca1b8149299a9fc160445fec9a881955926a64745971b1ff59f15d705b118be4fd05abbc9e2ce9354feabc9f65d939cd0a94d7f58c52a91588a0e174cc180e4
- SSDEEP
  
  384:kix6kmOKS2y68HjOd6aYtk3wf8Ukkx3cA6m1:kif2MS6kAfukNcAV
Score

3^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

evasionthemidatrojan

behavioral12

evasionthemidatrojan

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

evasionthemidatrojan

behavioral20

evasionthemidatrojan

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28