General
-
Target
source_prepared.exe
-
Size
79.0MB
-
Sample
231121-z5rkgsgf72
-
MD5
b7db55b5ff8cac5c3d0dc03194bb0ab4
-
SHA1
bd8e19e56896ae54e9e32b7642a57019c2d0da34
-
SHA256
51c93532ffb7856f212e09a8238e14104b6b294d82ce9f7006d792067d7087b4
-
SHA512
955b827f35c26eb27e1dcec5bb1f95efb3af8ffc69cbebe26d360a0395fa687aac5d8ed05b31194f664f1705409a9b0195db41725410aba00718444d01661158
-
SSDEEP
1572864:32MbiJR5Q3jX2UjSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWHawxBSWVI:3ZbC+79SkB05awb+THubsghfxOlldSm7
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
79.0MB
-
MD5
b7db55b5ff8cac5c3d0dc03194bb0ab4
-
SHA1
bd8e19e56896ae54e9e32b7642a57019c2d0da34
-
SHA256
51c93532ffb7856f212e09a8238e14104b6b294d82ce9f7006d792067d7087b4
-
SHA512
955b827f35c26eb27e1dcec5bb1f95efb3af8ffc69cbebe26d360a0395fa687aac5d8ed05b31194f664f1705409a9b0195db41725410aba00718444d01661158
-
SSDEEP
1572864:32MbiJR5Q3jX2UjSk8IpG7V+VPhqb+TDE7GjCMWlsnghowmaOlldIlWHawxBSWVI:3ZbC+79SkB05awb+THubsghfxOlldSm7
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1