General
Target: source_prepared.exe
Size: 104.0MB
Sample: 231118-3xhjdsfh85
MD5: ab4639b518c4bf6bc1165cc1432e6f6c
SHA1: 91fa58e654953d6c9ecc28f45787a89efdbddfcb
SHA256: 30961d98925afefd945ac5badd7945d0fe21a2f3a53e57dec2c57314ed0cfe99
SHA512: 969e04bae4db55dff4dd31957db9dceb84aa94bb9a9afe4686d4317746eb61f1e77851b5049f741c4b1180ea4c280f3e0cce0db1c3ea47f46914dc7634c637e2
SSDEEP: 3145728:2ZHZdMxNJS6xjKcBaJR2qHO5i+8zYPYDVhoTgSv2Iall8WVT:fxXSWNaJHHCi5jLxSv2HlF
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: source_prepared.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)