General
Target: Vape-V4-4.10 (FIXED).rar
Size: 24.0MB
Sample: 241030-tgqemayjgk
MD5: 01abe0a83dfa8d0696e922865209463f
SHA1: 8e8b0314999a2bdae9f741667af0f8b2861f81aa
SHA256: 88745950cd5b50bb6dda601dd8913a7e1c1d5dca49468c6c65107f2caface85f
SHA512: e669bb776968c2e49d06d016fef2a201925fc403279daa66e62e361d360f573577ada2888f3911b51a7ec6ce2729f9873870c0f03131fd3dfa7a855f51b67fe7
SSDEEP: 393216:p1YXyOJmpS17iGtDmm67eBwFsCwK+39djZ0X7sX0GyLQIItNzo5y8bxGs:vhORdp67LFsCwKK9dV0oX0RLQIItNOpz
Static task: static1

Behavioral task: behavioral1
Sample: Vape-V4-4.10 (FIXED)/Vape4DLL.dll
Resource: win11-20241007-en

Behavioral task: behavioral2
Sample: Vape-V4-4.10 (FIXED)/vape-loader.jar
Resource: win11-20241007-en

Behavioral task: behavioral3
Sample: Vape-V4-4.10 (FIXED)/vape.bat
Resource: win11-20241007-en
Malware Config
Extracted
Family: quasar
Version: 1.0.0.0
Botnet: v2.2.6 | Tinsler
C2: throbbing-mountain-09011.pktriot.net:22112
C2: 167.71.56.116:22112
C2: throbbing-mountain-09011.pktriot.net:5050
Mutex: cf16a257-7d89-4296-8384-8fca3dbb568f
Attributes:
encryption_key: 045F98A287DD47B8B5C074D234995A2C5A913042
install_name: .exe
log_directory: $sxr-Logs
reconnect_delay: 1000
Targets

Target: Vape-V4-4.10 (FIXED)/Vape4DLL.dll
Size: 5.0MB
MD5: 6990d8eccbb8bbc6b5835ba7d94ffe4c
SHA1: 48ca050052c5db2fe8861a9eadbf2d6689e924cd
SHA256: 1634d50dc2263dff2305de904ddf903467a6edcc464a778fcf77e4ca8df8365f
SHA512: d41b89be7a35b3738c1518fd93b5f8ace6c69fea66ca33cfa38ebf22a9c27967b37f70e10e8afd59c171a72a0b4a087bce5ee022eb009a8f17e368df32559953
SSDEEP: 98304:IIo/Y7mgTm05AwJHE6hnRVL6MgbscSEd17E7GV3td:INg7PAmkOvgoXYI7GVP
Score: 1/10

Target: Vape-V4-4.10 (FIXED)/vape-loader.jar
Size: 5.7MB
MD5: 942b440da0b181b775771d1543084f30
SHA1: 666ac2ae1d22c0ad657d89e2074044d27b9caa18
SHA256: 5fdcb68e0b267332bf806b1e465c0e55eb2b8140c932c2b8856de804c83f1a55
SHA512: 41d05c4c12696a0c70c3640ba282154d5987cf66742999c5ecfdcfb66e62c4276c4a8afdc7f98211a195441184057b0ca9ed4a7526950987671db9f8b99214e6
SSDEEP: 98304:CDbPd7m1KUTz0KPXX2jPlSS1i3oG7bMDtILXHdGE9EWaDMg0gzAmUnlJ5ruI+69P:2LpJUTN/oPES1i3oG0qJVGWmMgxzAn5L
Score: 1/10

Target: Vape-V4-4.10 (FIXED)/vape.bat
Size: 12.5MB
MD5: cf5b412ffc3ce43cd7ddce602fc67f56
SHA1: 221dfcd0868158f676c472d8a5bcf9647f0c7d51
SHA256: 84ba648cfdd5c2ae8d3292fcc1702e385a1a26e915bd7275b5fde776212f2724
SHA512: 695489d3b02863c382dc4b044bd80825b3f46eadfe4647619a0036da7ab3405b7925e89a457b19ee57995a59dcf8d5f9df237cd4d5d59a6cee3914aeaee2a8ef
SSDEEP: 49152:mmlB6XvIxKx/znMtw4e/x4dA+ilmm5C5rsw1y1lkGxJW5RXLnfaWixbVoZmb0nYk:b
- Quasar family
- Quasar payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clears Windows Event Logs to hide the activity of an intrusion.
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation are hidden.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (1)
Hidden Window (1)
Indicator Removal (1)
Clear Windows Event Logs (1)