General

  • Target

    Vape_V4(2).rar

  • Size

    14.6MB

  • Sample

    241028-yjf17awcjl

  • MD5

    029504c15b770ca7db29eeb7a9334103

  • SHA1

    3dc68216dd75954edc70ec6037563b7b803c9949

  • SHA256

    8531f0e00bd3595777a4e76832ed81c932c69371b5be79b9b5a5cbec8f9732e6

  • SHA512

    8e08daa74c1c32f488cbd665168c6b58062b24556da9636d3e83c498640069b737639b19ccb367f26292bd7914496983d06bc4476d849af0d2d9aec3bf7a6d20

  • SSDEEP

    393216:4Crd77Ie9m8cxixsLlEdlCjugPom3QzI0:4oRbtwfaQjlp3Qz3

Malware Config

Targets

    • Target

      Vape V4/api-ms-win-core-console-l1-1-0.dll

    • Size

      20KB

    • MD5

      39852d24acf76cf0b3a427f46663efdf

    • SHA1

      92b9730c276c6f2a46e583fc815374c823e6098b

    • SHA256

      191e08dea0ad5ac02e7e84669d9fffa5aa67dc696e36077c5fa20d81c80b6a56

    • SHA512

      e6f0898871b769244818d93117fe3cb82cc8f12bb24d6b3406ffcaa2a26f0b5754246b5c739e9cbcf07cb94aabba2fd934e7054607b4086b2f4c5592607e8385

    • SSDEEP

      192:POiWBhWnWYnO/VWQ4SWSUPKUH0jpC52qnajc5x8D:P5WBhWXU8H0Nlg5uD

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-console-l1-2-0.dll

    • Size

      20KB

    • MD5

      f33ec623aa4a2bd4c004d3befe0bdd08

    • SHA1

      79a3c89d842d502f989fb5a3eaeabccb0abae8d2

    • SHA256

      9e04918d9e751dbc56d0251d3ada573381b469a012599554d72aa4affda9658a

    • SHA512

      be24a3cb876d617f8054fd49dd815d89473b053bab175373169a1cb0f016ccd05a718da9a8c29de66690f02bdd60782222928ecd2e24aa5128573e67356e5af2

    • SSDEEP

      192:Q6WBhWvWYnO/VWQ4uWp0QLCamylqnajP3Tx7:DWBhWfUJQ3Jllz3V7

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-datetime-l1-1-0.dll

    • Size

      20KB

    • MD5

      b71c18f8966cead654800ff402c6520f

    • SHA1

      a6f658ea85ad754cf571f7b67f3360d5417f94bd

    • SHA256

      a94b80a5111aabefb1309609abdd300bb626d861cd8e0938b9735ab711a43c22

    • SHA512

      17867aaa57542c1cd989ca3000f3d93bbb959eb5a69100c70c694bde10db8f8422d3e86e1a5fc0848677e4343c424013cdf496b8bb685f8875c3330271242369

    • SSDEEP

      192:CWBhWg8WYnO/VWQ4eWQLoQLCamylqnajP3Txv4:CWBhWgqU7oQ3Jllz3Vv4

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-debug-l1-1-0.dll

    • Size

      20KB

    • MD5

      a998282826d6091984d7d5f0bf476a31

    • SHA1

      b958281ad7b861e0adcbeb0033932057082ae4fc

    • SHA256

      263e038363527b7bed05110f37f7e5b95f82aab9c0280c9c522cf7bfce10fd7d

    • SHA512

      ba46b6e7649cded62e9c097c29d42a8ea3da52109d285b8ed7aaea9a93c203efcfd856d25cee9bd825c0835b37a1d7a37a8ae55e0e10dc237f0da7013056cf5d

    • SSDEEP

      192:6oWBhW6WYnO/VWQ4eW4IUTyvQLCamylqnajP3TxfMuS:6oWBhWQUVGvQ3Jllz3V/

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      20KB

    • MD5

      c148a26d3d9d39777dabe28dc08cee60

    • SHA1

      4f7537ba8cee5ff774f8d7c3fe4174fc512b70d4

    • SHA256

      085968d938ea924827c4740697713674850218a8fe91dd9982e93b0effacc820

    • SHA512

      6689dfb19898f420632295fb9982668919011784278dc6840716c91ca8dcb434057096640a15fab7a93edf722530451da274d02bb344cd429388412ad11a79e0

    • SSDEEP

      192:IcmxD3mTWBhWnWYnO/VWQ4eWFsz2cA5E8qnajTwgYWmlgF:BVTWBhWXUT2x5E8lvwzWC

    • Score

      1/10

    • Target

      Vape V4/jvm.dll

    • Size

      8.4MB

    • MD5

      6f5e0338090bb4e3d2ab8ce05367108f

    • SHA1

      3afb0bc88d7e75cfe0771f5766b96d14faa58cf5

    • SHA256

      f8a7d249e40749bb9795b6dc39069c7a7ec2cddff998b9cb1e0341d794d8cf33

    • SHA512

      991ff902ab40b542d26e861fe864d7090730ba78f2a35fff2316e8250df09eb8d96125861c60af52b9e6dd927fd26718f1c1d3af38834253cac30da2dcde3c17

    • SSDEEP

      196608:DhN3ImMnysGhKwPLeNTKZ2gyp8C+WVUTWnS:DhN3ImMnysGwwPLeN3gxC+WVUanS

    • Score

      1/10

    • Target

      Vape V4/libEGL.dll

    • Size

      389KB

    • MD5

      dbd60c4ff3efbf43ba49405daf667a12

    • SHA1

      abb9b917ab039f49a55903a461cb37aaf543afe1

    • SHA256

      5210351a0e0c07c82fc3044a4490a8472b9066f6d85e6d1d8ac76ab989522798

    • SHA512

      cea5c333df197bcb4a32df2529a0c675020d4eb84fe325964793d8371b782f790830c341a91d9ca2a714b78ae63f288bb2a8faeaa7cb206adb6fcd7dd6556078

    • SSDEEP

      6144:v2YEmUEuuSkDY5iwvkrjzSrbOqs4hQ3YlbYMLu4eQfIk:vbEmUEuL/5iwsrahYFQfIk

    • Score

      1/10

    • Target

      Vape V4/libGLESv2.dll

    • Size

      3.6MB

    • MD5

      19f2e093e95f04d202318c303c95ff86

    • SHA1

      77bd83b165fea50e8b8c407dfe97222fffe10ae0

    • SHA256

      2a772eef29a9ef78910afd4ff383a3e81cd20358809b3a40aab4b9d9c4f5c857

    • SHA512

      ae25518069350aa521ec54e3321bfb69f401ff8b4020b5b984522a8e8e9534513d3ac0a71cbcdb03393a2e422b258a935a337da0c5808a7ae5444b75baabb1aa

    • SSDEEP

      49152:aymUVmwf+GIweEptvNa3lbPyfmrdt4zq7gm7irTwVLpRIpYpK723Cpsgb5jwa0MO:9VAEpVfmrdt4+7gmnLpRI6IRb

    • Score

      1/10

    • Target

      Vape V4/msvcp100.dll

    • Size

      593KB

    • MD5

      d029339c0f59cf662094eddf8c42b2b5

    • SHA1

      a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

    • SHA256

      934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

    • SHA512

      021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

    • SSDEEP

      12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/

    • Score

      1/10

    • Target

      Vape V4/msvcr100.dll

    • Size

      809KB

    • MD5

      366fd6f3a451351b5df2d7c4ecf4c73a

    • SHA1

      50db750522b9630757f91b53df377fd4ed4e2d66

    • SHA256

      ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

    • SHA512

      2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

    • SSDEEP

      12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1

    • Score

      1/10

    • Target

      Vape V4/npjp2.dll

    • Size

      229KB

    • MD5

      7c287305070fa26e37b1a822fdbd0488

    • SHA1

      4ea4722d514e36f086f8f83ca96c9978e4d21602

    • SHA256

      d3d5d7590ce8b7acbf11629788d15818a7ba58f05cc3e4e6e0a56df14a6cb7a6

    • SHA512

      df53361ece7feacc9e57fbeb2e786d5444a5a901e1a1b12a4e729c5aa8e8a90a7adb93cea962662f7b22642a6c38a2c167204d211c3d73ee8d23ec81bbc79f78

    • SSDEEP

      6144:wo5hlBcNEK7QZWydO/sZCzbBBhxn0qGOqzedSaPp9YkiZDNKZ4mTyyJiKyQBeY6:wyhluNEK723Y6

    • Score

      1/10

    • Target

      Vape V4/vape-v4.exe

    • Size

      10.9MB

    • MD5

      ad07bfa01647246e1094bad415b7c9fe

    • SHA1

      51cd9eeddbe7cc6499a15140bdc6b135d7617ef7

    • SHA256

      6d36b308afc3173e03f00b2e3666d596b2a12035bd6dd6366e68799fcbacae59

    • SHA512

      14217a65a36697e42c142c0a30b6f54d9d8c20f9752f7300f0d5149d88a823acef45759c5869cc66679661e2680be2ec0cb3ed98a64dab617a01d0180cccc900

    • SSDEEP

      196608:1hhx7mSOPAVSwLRXgWPmpzdhqiUeNvX+wfm/pf+xfdkRhZWKsnOrIWOzW0DaqhH:PmIV5L1V8dvvX+9/pWFGRDBsnOrIWeRD

    • Exela Stealer

      Exela Stealer is an open-source information stealer, first observed in August 2023, that was originally written in .NET and later ported to Python.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks