General

  • Target

    source_prepared.exe

  • Size

    104.0MB

  • Sample

    231119-afb13agh7x

  • MD5

    ab4639b518c4bf6bc1165cc1432e6f6c

  • SHA1

    91fa58e654953d6c9ecc28f45787a89efdbddfcb

  • SHA256

    30961d98925afefd945ac5badd7945d0fe21a2f3a53e57dec2c57314ed0cfe99

  • SHA512

    969e04bae4db55dff4dd31957db9dceb84aa94bb9a9afe4686d4317746eb61f1e77851b5049f741c4b1180ea4c280f3e0cce0db1c3ea47f46914dc7634c637e2

  • SSDEEP

    3145728:2ZHZdMxNJS6xjKcBaJR2qHO5i+8zYPYDVhoTgSv2Iall8WVT:fxXSWNaJHHCi5jLxSv2HlF

Targets

    • Target

      source_prepared.exe

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
