General

  • Target

    Vape_V4.rar

  • Size

    14.6MB

  • Sample

    241028-yjkz5stmat

  • MD5

    5834cbd632194a0865a755dd2ccb72ec

  • SHA1

    0fb38fbfeab200a45f80c6d2fc2168e4bae2b005

  • SHA256

    c494914f88a57d26ed4d568d267f51dff01868c4096aded6d71634d2df97a375

  • SHA512

    97e1fd61f4d361a45ca89a65aaa2ad205a3708278b863faf84583c693eaf61352b7bd0bfc1b23ecf6a26aeb8992850b80b81ff751a1490f9b07475a9c600ebd8

  • SSDEEP

    393216:PCrd77Ie9m8c3erdShk/83EpW72k6YGHIcn:PoRbt3B/83EwCYGHIcn

Malware Config

Targets

    • Target

      Vape V4/api-ms-win-core-console-l1-1-0.dll

    • Size

      20KB

    • MD5

      39852d24acf76cf0b3a427f46663efdf

    • SHA1

      92b9730c276c6f2a46e583fc815374c823e6098b

    • SHA256

      191e08dea0ad5ac02e7e84669d9fffa5aa67dc696e36077c5fa20d81c80b6a56

    • SHA512

      e6f0898871b769244818d93117fe3cb82cc8f12bb24d6b3406ffcaa2a26f0b5754246b5c739e9cbcf07cb94aabba2fd934e7054607b4086b2f4c5592607e8385

    • SSDEEP

      192:POiWBhWnWYnO/VWQ4SWSUPKUH0jpC52qnajc5x8D:P5WBhWXU8H0Nlg5uD

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-console-l1-2-0.dll

    • Size

      20KB

    • MD5

      f33ec623aa4a2bd4c004d3befe0bdd08

    • SHA1

      79a3c89d842d502f989fb5a3eaeabccb0abae8d2

    • SHA256

      9e04918d9e751dbc56d0251d3ada573381b469a012599554d72aa4affda9658a

    • SHA512

      be24a3cb876d617f8054fd49dd815d89473b053bab175373169a1cb0f016ccd05a718da9a8c29de66690f02bdd60782222928ecd2e24aa5128573e67356e5af2

    • SSDEEP

      192:Q6WBhWvWYnO/VWQ4uWp0QLCamylqnajP3Tx7:DWBhWfUJQ3Jllz3V7

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-datetime-l1-1-0.dll

    • Size

      20KB

    • MD5

      b71c18f8966cead654800ff402c6520f

    • SHA1

      a6f658ea85ad754cf571f7b67f3360d5417f94bd

    • SHA256

      a94b80a5111aabefb1309609abdd300bb626d861cd8e0938b9735ab711a43c22

    • SHA512

      17867aaa57542c1cd989ca3000f3d93bbb959eb5a69100c70c694bde10db8f8422d3e86e1a5fc0848677e4343c424013cdf496b8bb685f8875c3330271242369

    • SSDEEP

      192:CWBhWg8WYnO/VWQ4eWQLoQLCamylqnajP3Txv4:CWBhWgqU7oQ3Jllz3Vv4

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-debug-l1-1-0.dll

    • Size

      20KB

    • MD5

      a998282826d6091984d7d5f0bf476a31

    • SHA1

      b958281ad7b861e0adcbeb0033932057082ae4fc

    • SHA256

      263e038363527b7bed05110f37f7e5b95f82aab9c0280c9c522cf7bfce10fd7d

    • SHA512

      ba46b6e7649cded62e9c097c29d42a8ea3da52109d285b8ed7aaea9a93c203efcfd856d25cee9bd825c0835b37a1d7a37a8ae55e0e10dc237f0da7013056cf5d

    • SSDEEP

      192:6oWBhW6WYnO/VWQ4eW4IUTyvQLCamylqnajP3TxfMuS:6oWBhWQUVGvQ3Jllz3V/

    • Score

      1/10

    • Target

      Vape V4/api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      20KB

    • MD5

      c148a26d3d9d39777dabe28dc08cee60

    • SHA1

      4f7537ba8cee5ff774f8d7c3fe4174fc512b70d4

    • SHA256

      085968d938ea924827c4740697713674850218a8fe91dd9982e93b0effacc820

    • SHA512

      6689dfb19898f420632295fb9982668919011784278dc6840716c91ca8dcb434057096640a15fab7a93edf722530451da274d02bb344cd429388412ad11a79e0

    • SSDEEP

      192:IcmxD3mTWBhWnWYnO/VWQ4eWFsz2cA5E8qnajTwgYWmlgF:BVTWBhWXUT2x5E8lvwzWC

    • Score

      1/10

    • Target

      Vape V4/jvm.dll

    • Size

      8.4MB

    • MD5

      6f5e0338090bb4e3d2ab8ce05367108f

    • SHA1

      3afb0bc88d7e75cfe0771f5766b96d14faa58cf5

    • SHA256

      f8a7d249e40749bb9795b6dc39069c7a7ec2cddff998b9cb1e0341d794d8cf33

    • SHA512

      991ff902ab40b542d26e861fe864d7090730ba78f2a35fff2316e8250df09eb8d96125861c60af52b9e6dd927fd26718f1c1d3af38834253cac30da2dcde3c17

    • SSDEEP

      196608:DhN3ImMnysGhKwPLeNTKZ2gyp8C+WVUTWnS:DhN3ImMnysGwwPLeN3gxC+WVUanS

    • Score

      1/10

    • Target

      Vape V4/libEGL.dll

    • Size

      389KB

    • MD5

      dbd60c4ff3efbf43ba49405daf667a12

    • SHA1

      abb9b917ab039f49a55903a461cb37aaf543afe1

    • SHA256

      5210351a0e0c07c82fc3044a4490a8472b9066f6d85e6d1d8ac76ab989522798

    • SHA512

      cea5c333df197bcb4a32df2529a0c675020d4eb84fe325964793d8371b782f790830c341a91d9ca2a714b78ae63f288bb2a8faeaa7cb206adb6fcd7dd6556078

    • SSDEEP

      6144:v2YEmUEuuSkDY5iwvkrjzSrbOqs4hQ3YlbYMLu4eQfIk:vbEmUEuL/5iwsrahYFQfIk

    • Score

      1/10

    • Target

      Vape V4/libGLESv2.dll

    • Size

      3.6MB

    • MD5

      19f2e093e95f04d202318c303c95ff86

    • SHA1

      77bd83b165fea50e8b8c407dfe97222fffe10ae0

    • SHA256

      2a772eef29a9ef78910afd4ff383a3e81cd20358809b3a40aab4b9d9c4f5c857

    • SHA512

      ae25518069350aa521ec54e3321bfb69f401ff8b4020b5b984522a8e8e9534513d3ac0a71cbcdb03393a2e422b258a935a337da0c5808a7ae5444b75baabb1aa

    • SSDEEP

      49152:aymUVmwf+GIweEptvNa3lbPyfmrdt4zq7gm7irTwVLpRIpYpK723Cpsgb5jwa0MO:9VAEpVfmrdt4+7gmnLpRI6IRb

    • Score

      1/10

    • Target

      Vape V4/msvcp100.dll

    • Size

      593KB

    • MD5

      d029339c0f59cf662094eddf8c42b2b5

    • SHA1

      a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

    • SHA256

      934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

    • SHA512

      021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

    • SSDEEP

      12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/

    • Score

      1/10

    • Target

      Vape V4/msvcr100.dll

    • Size

      809KB

    • MD5

      366fd6f3a451351b5df2d7c4ecf4c73a

    • SHA1

      50db750522b9630757f91b53df377fd4ed4e2d66

    • SHA256

      ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

    • SHA512

      2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

    • SSDEEP

      12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1

    • Score

      1/10

    • Target

      Vape V4/npjp2.dll

    • Size

      229KB

    • MD5

      7c287305070fa26e37b1a822fdbd0488

    • SHA1

      4ea4722d514e36f086f8f83ca96c9978e4d21602

    • SHA256

      d3d5d7590ce8b7acbf11629788d15818a7ba58f05cc3e4e6e0a56df14a6cb7a6

    • SHA512

      df53361ece7feacc9e57fbeb2e786d5444a5a901e1a1b12a4e729c5aa8e8a90a7adb93cea962662f7b22642a6c38a2c167204d211c3d73ee8d23ec81bbc79f78

    • SSDEEP

      6144:wo5hlBcNEK7QZWydO/sZCzbBBhxn0qGOqzedSaPp9YkiZDNKZ4mTyyJiKyQBeY6:wyhluNEK723Y6

    • Score

      1/10

    • Target

      Vape V4/vape-v4.exe

    • Size

      10.9MB

    • MD5

      0e515fd93f6760499ba52fbf1b5fe52a

    • SHA1

      dcbdeb1aeaa4465ca1be1653c61bd8ff6f9aaefc

    • SHA256

      95fa253b5086c61006a134c2921e4f3d4a5285fc061882ce6b19a82e0ebe2e88

    • SHA512

      7ae1ab12a736bab4dac98118a0acfe6b90061173862fcdb852c193d2cb0e3c71160e053f0ad6393a8ff8b63bf35b81c051d7ebb2f607ee7355ce0e7841ea9132

    • SSDEEP

      196608:whax/PAVSwLRXgWPmpzdhqiUeNvX+wfm/pf+xfdkRhZWKsnOrIWOzW0DaqhH:bAV5L1V8dvvX+9/pWFGRDBsnOrIWeRao

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    • Exelastealer family

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempts to gather information about the host's network.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks