Resubmissions

  • 22-02-2025 00:44  250222-a3l5jsvkfq  10
  • 22-02-2025 00:40  250222-a1gr2stmh1  9

General

  • Target: Vape Lite.zip
  • Size: 6.5MB
  • Sample: 250222-a3l5jsvkfq
  • MD5: d7f16ac289a1779b7e237e80307092b6
  • SHA1: 554696fac8de40c759a0c631b91363d6f590f8fc
  • SHA256: ef86a58c9c0a8767a87a8e803854102083f18f7114161424b580999e78fcd500
  • SHA512: f9b57cd0e71975c0eb59798d487c4e30a4a04232a23dcf86538f2976fdda8aa3ca7eed21c8a8a74d550115a908b35b8920e575047dc4b3c23d45ff0fe58bf2f4
  • SSDEEP: 196608:9qByvouIX3QaAV8T6pSO6FDijMl2MOJ2QzDz3GD:wNRAa+pR6AHMQzPWD

Malware Config

Targets

    • Target: Kangaroo Patcher.exe
    • Size: 11KB
    • MD5: bf28450278273ab1c3ebdd4c98bc9222
    • SHA1: 4eb8db0a3816a4d6a627a4fa9367b46c787968fe
    • SHA256: 2a22fe56bc686e4e518318fdd4634f76b6d230baa4b820b4978bda236e4fd500
    • SHA512: 6c888383fa7816eb0d904f914e6525827c43f0ef068ab55300ea2506d24722ec06fbdabbbb5de0452322fc0697d9089981ba08e75e9d5bf67d1a91b16650b573
    • SSDEEP: 192:XRdsxj+V2qTo8OvXcHGMbMJo05GMje3Q5tfWlQskD:XRdsxj42quX0NbMJRNa32su
    • Modifies WinLogon for persistence
    • NanoCore: NanoCore is a remote access tool (RAT) with a variety of capabilities.
    • Nanocore family
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.

    • Target: Kangaroo.dll
    • Size: 37KB
    • MD5: 0202563145fb353f35c915cdbe5474f8
    • SHA1: 01b1ea50745a3824e68330b0339a44e27c9068e9
    • SHA256: 5223fc529531a32c6111ef6e93e33d134961490831b6711db1ed87b3f93574bd
    • SHA512: 8d972347f6e87fb0639033e22df9687a30363423a650cc872d6746582eb03274c673727c2287d9ba12df0cd68e4deecfcbb3d11c130e122022b57c6088c6309d
    • SSDEEP: 768:yPGh18G4BxUz6jPypNKLf7wtGHBpc/HO27:S+1YUWrypNKPbBp8u27
    • Score: 1/10

    • Target: Vape_Lite.exe
    • Size: 111KB
    • MD5: ec43b5f3507da331fc31992f52cc2ae6
    • SHA1: 0a6360dfcb31b3703540ef3ea9b7dc760e4e7deb
    • SHA256: ff610c8f1e9a49803fa4c93b982b6b5ed2fa7bf0d759c6979c92d0d3c0b70629
    • SHA512: a179d26d7e0633c1405e1b3a7e25fa52746b130e1462120870c4b0149539354fb8cf49b53a37de49b70c836e58d658bfa0ac7e047330d041d549e62f5dc6661c
    • SSDEEP: 3072:CDicN1sV3J1nCheecTxBfCCwAO3gtNdh/IwKWG3c93kOglVcC59vQAm:wi2sxCh9cT3fClstPh/1Gy3kplZvg
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks