Overview
Task scores (out of 10)
overview: 10
static: 3
Vape V4/ap...-0.dll (windows10-2004-x64): 1
Vape V4/ap...-0.dll (windows10-2004-x64): 1
Vape V4/ap...-0.dll (windows10-2004-x64): 1
Vape V4/ap...-0.dll (windows10-2004-x64): 1
Vape V4/ap...-0.dll (windows10-2004-x64): 1
Vape V4/jvm.dll (windows7-x64): 1
Vape V4/jvm.dll (windows10-2004-x64): 1
Vape V4/libEGL.dll (windows7-x64): 1
Vape V4/libEGL.dll (windows10-2004-x64): 1
Vape V4/libGLESv2.dll (windows7-x64): 1
Vape V4/libGLESv2.dll (windows10-2004-x64): 1
Vape V4/msvcp100.dll (windows7-x64): 1
Vape V4/msvcp100.dll (windows10-2004-x64): 1
Vape V4/msvcr100.dll (windows7-x64): 1
Vape V4/msvcr100.dll (windows10-2004-x64): 1
Vape V4/npjp2.dll (windows7-x64): 1
Vape V4/npjp2.dll (windows10-2004-x64): 1
Vape V4/vape-v4.exe (windows7-x64): 7
Vape V4/vape-v4.exe (windows10-2004-x64): 10
General
-
Target
Vape_V4(2).rar
-
Size
14.6MB
-
Sample
241028-yjf17awcjl
Behavioral task
behavioral1
Sample
Vape V4/api-ms-win-core-console-l1-1-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
Vape V4/api-ms-win-core-console-l1-2-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Vape V4/api-ms-win-core-datetime-l1-1-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
Vape V4/api-ms-win-core-debug-l1-1-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Vape V4/api-ms-win-core-errorhandling-l1-1-0.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
Vape V4/jvm.dll
Resource
win7-20241010-en
Behavioral task
behavioral7
Sample
Vape V4/jvm.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
Vape V4/libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
Vape V4/libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
Vape V4/libGLESv2.dll
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
Vape V4/libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
Vape V4/msvcp100.dll
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
Vape V4/msvcp100.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
Vape V4/msvcr100.dll
Resource
win7-20241010-en
Behavioral task
behavioral15
Sample
Vape V4/msvcr100.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
Vape V4/npjp2.dll
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
Vape V4/npjp2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
Vape V4/vape-v4.exe
Resource
win7-20240708-en
Behavioral task
behavioral19
Sample
Vape V4/vape-v4.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Vape V4/api-ms-win-core-console-l1-1-0.dll
-
Size
20KB
-
Score
1/10
-
-
Target
Vape V4/api-ms-win-core-console-l1-2-0.dll
-
Size
20KB
-
Score
1/10
-
-
Target
Vape V4/api-ms-win-core-datetime-l1-1-0.dll
-
Size
20KB
-
Score
1/10
-
-
Target
Vape V4/api-ms-win-core-debug-l1-1-0.dll
-
Size
20KB
-
Score
1/10
-
-
Target
Vape V4/api-ms-win-core-errorhandling-l1-1-0.dll
-
Size
20KB
-
Score
1/10
-
-
Target
Vape V4/jvm.dll
-
Size
8.4MB
-
Score
1/10
-
-
Target
Vape V4/libEGL.dll
-
Size
389KB
-
Score
1/10
-
-
Target
Vape V4/libGLESv2.dll
-
Size
3.6MB
-
Score
1/10
-
-
Target
Vape V4/msvcp100.dll
-
Size
593KB
-
Score
1/10
-
-
Target
Vape V4/msvcr100.dll
-
Size
809KB
-
Score
1/10
-
-
Target
Vape V4/npjp2.dll
-
Size
229KB
-
Score
1/10
-
-
Target
Vape V4/vape-v4.exe
-
Size
10.9MB
-
Exela Stealer
Exela Stealer is an open-source stealer, originally written in .NET and later transitioned to Python, that was first observed in August 2023.
-
Exelastealer family
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
  Account Manipulation (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Account Manipulation (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)
Discovery
  Browser Information Discovery (1)
  Network Service Discovery (1)
  Permission Groups Discovery (1)
    Local Groups (1)
  Process Discovery (1)
  System Information Discovery (3)
  System Network Configuration Discovery (1)
    Wi-Fi Discovery (1)
  System Network Connections Discovery (1)