Vect — Technical Analysis
ID: 9c25dce8-1056-4e5e-b2a1-37c83ceeebb1
STIX ID: report--9c25dce8-1056-4e5e-b2a1-37c83ceeebb1
Threat Score
78/100
VECT 2.0 is a Windows x64 ransomware sample analyzed in depth. It uses ChaCha20 for file encryption but embeds a universal hardcoded 32-byte key, and a lost-nonce implementation bug renders roughly 75% of the content of files larger than 128 KiB irrecoverable. The binary contains no socket-based exfiltration, but it implements broad enterprise lateral movement via ten PowerShell techniques, network share staging, persistence (Run keys and SafeMode entries), and recovery sabotage (vssadmin delete shadows, disabling Defender), and it leaves distinctive IOCs (SHA-256 01881a..., extension .vect, marker C:\ProgramData\.vect, Tor onion/chat URL).
