General
-
Target
Vape V4 Cracked.exe
-
Size
83.2MB
-
Sample
240917-ga24maxcrp
-
MD5
d8b516ccd538b7fb0b43887437955737
-
SHA1
80682e6da24c2f43efea4a7c122c8622a083e901
-
SHA256
55309a4905c0c074bb9b488a58314dc58d89dea1a8f6963a367c3a62110592c6
-
SHA512
12c017f28753e859ae13127edb9a859c299d6567d5529d72c01293d7fc949d16f2c2c32edcc720765aea66457807757973ef1d4ecf2a3b74b2108dfed668a42d
-
SSDEEP
1572864:DC/xlZ1DRUH32qZ0QaTY5pONinTIXK7hqsAyUhEvpPLjjW:DYTAPO4nsayyUmxPLW
Malware Config
Targets
-
-
Target
Vape V4 Cracked.exe
-
Size
83.2MB
-
MD5
d8b516ccd538b7fb0b43887437955737
-
SHA1
80682e6da24c2f43efea4a7c122c8622a083e901
-
SHA256
55309a4905c0c074bb9b488a58314dc58d89dea1a8f6963a367c3a62110592c6
-
SHA512
12c017f28753e859ae13127edb9a859c299d6567d5529d72c01293d7fc949d16f2c2c32edcc720765aea66457807757973ef1d4ecf2a3b74b2108dfed668a42d
-
SSDEEP
1572864:DC/xlZ1DRUH32qZ0QaTY5pONinTIXK7hqsAyUhEvpPLjjW:DYTAPO4nsayyUmxPLW
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Enumerates processes with tasklist
-
-
-
Target
$PLUGINSDIR/SpiderBanner.dll
-
Size
9KB
-
MD5
17309e33b596ba3a5693b4d3e85cf8d7
-
SHA1
7d361836cf53df42021c7f2b148aec9458818c01
-
SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
-
SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
SSDEEP
192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score3/10 -
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/WinShell.dll
-
Size
3KB
-
MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56
-
SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c
-
SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
-
SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score3/10 -
-
-
Target
OGFnPatcher.exe
-
Size
177.3MB
-
MD5
82db6baf5501b11cf7582d68cb173689
-
SHA1
ff40fcae2ecfb00eb3f1a36521afbdc93db1e6e6
-
SHA256
17f48d532943a1160b9c171e183599d28b3a03b4943df8d1b5f8af2aaed142fc
-
SHA512
9d47fc31fec0379b7ec6461401e5cda54f7b64d6ff0a30136e5ad58bb94446cfa6f1e511380eb5bf99f59174e56fdc7a7cd06cf7cf46898c672bf37c36ec4d82
-
SSDEEP
1572864:s+vbimZ3RqPfrrW/GDt+wy2tXgJdtEaxMz6lMp1rJ/Gk/QeF/anRq9A4CGdhVnau:sA5kyGScXQT
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Enumerates processes with tasklist
-
-
-
Target
resources/app.asar
-
Size
11.9MB
-
MD5
9afbb4ab272009b84d0dfe96ce3b7992
-
SHA1
8d5062ed765e3082e047b0a0d1202af4285c1916
-
SHA256
ed493650ec3496c6cc1aefd50204eae20685bdfbf76ba91f5a81f0b86ce8012f
-
SHA512
9d745b681348bc5164eba3f3df2967792bf55ae591be6e3f51af38bd13b4080c83bd6434bf4e11428fe8a81fddcd2c105ce47a7e9feb67dc74869c1053ef7efa
-
SSDEEP
49152:1p59o3kjvCZT0fwAQTz0UzagXZKTznuZ4TzNjbTUzmaZ47zdAORrxTUUJXjq77F3:vwAnoUddstmzi33Dl/1JwNwI32
Score3/10 -
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
ec0504e6b8a11d5aad43b296beeb84b2
-
SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c
-
SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
-
SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
SSDEEP
96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score3/10 -
-
-
Target
$PLUGINSDIR/nsis7z.dll
-
Size
424KB
-
MD5
80e44ce4895304c6a3a831310fbf8cd0
-
SHA1
36bd49ae21c460be5753a904b4501f1abca53508
-
SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
-
SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
SSDEEP
6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score3/10 -
-
-
Target
$R0/Uninstall OGFnPatcher.exe
-
Size
141KB
-
MD5
bd4fb992d2f64bb8c5aa790655ca472e
-
SHA1
603f1b47473b5aeb04bd30d773cec7c5eb5c9e70
-
SHA256
1011a99280920f49bbda15083e502ad38dd642d887ffebd21794c81a1a021cfb
-
SHA512
2e5b3ca46542bc948f64b8d008efedda3746be6e7cfda6058a1511a9f081f1ddfad0c543445d3c19ca8c36eb6a1013c0fd0437a0c887ff2908208bd10ab3fe40
-
SSDEEP
3072:8n77v00hEoDEtauhrNFAOZdBoUNLaH2tvhOEA1RJCir86SrSrv6Ia3x:8740ItNKudBoILs2t0EyL+yaB
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3