General
Target: Driver_Bypass.exe
Size: 70.6MB
Sample: 231116-wejv6sfe3z
MD5: 8cf6852c194295e3fd93eee63313571f
SHA1: 64a2ac6070c05f8a63cef19abebb4a606c8deade
SHA256: 89fab0d3fa372df59a156ffebfa54161ab0bf209399eebbf5887863627330c08
SHA512: 7f4b24d519196d377192722439fc399554109f5e720d90a56768e5dfc66ccbc4d59079167bed73586293fe209b4c752d348ca22a474d50e79ba1e589ea91a0ee
SSDEEP: 1572864:S2M1RQvH4Sk8IpG7V+VPhqGELeeE77mHwEr4aWnpqQ5nliPfRmjW2/ZTchhw0:SZDUYSkB05awJImQWGMAn4h2hZAhhw0
Behavioral task: behavioral1
Sample: Driver_Bypass.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: Driver_Bypass.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: Driver_Bypass.exe
Size: 70.6MB
MD5: 8cf6852c194295e3fd93eee63313571f
SHA1: 64a2ac6070c05f8a63cef19abebb4a606c8deade
SHA256: 89fab0d3fa372df59a156ffebfa54161ab0bf209399eebbf5887863627330c08
SHA512: 7f4b24d519196d377192722439fc399554109f5e720d90a56768e5dfc66ccbc4d59079167bed73586293fe209b4c752d348ca22a474d50e79ba1e589ea91a0ee
SSDEEP: 1572864:S2M1RQvH4Sk8IpG7V+VPhqGELeeE77mHwEr4aWnpqQ5nliPfRmjW2/ZTchhw0:SZDUYSkB05awJImQWGMAn4h2hZAhhw0
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.