General

Target: source_prepared.exe
Size: 74.0MB
Sample: 231122-y3475aee27
MD5: 29f991e7f4496a3125e90e92c6bec577
SHA1: 53a3207c45d328b529142b6cf3993d8c2cc95d6a
SHA256: 34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5
SHA512: b2e8e180605bc29e4b9998960825e80d5ac9c2a8c1ff4eac1a21cd994f7223964e379b6ca9c03a8b94f6bd2eac35dc86728a114c3897d12cf01ab7c094039e86
SSDEEP: 1572864:I2MueQpjWkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XW6TnZvyh+kh:IZueqKkSkB05awS8Rd0eg2zd7XV8vh
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: source_prepared.exe
Resource: win10v2004-20231020-en
Malware Config
Targets

Target: source_prepared.exe
Size: 74.0MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 9/10

- Enumerates VirtualBox DLL files
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
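The signatures above are the sandbox's verdicts. To show how such behaviours are derived from an API trace, the following is an added Python example; it is not part of this report and is not the sandbox's own detection logic. It re-derives six of the listed signatures from a constructed trace. The trace format, the Win32 API names chosen to represent each behaviour, the same-PID "dropped file" heuristic, the VirtualBox artifact names and the set of IP-lookup hosts are all assumptions; the report does not say which lookup service this sample used.

```python
"""
Rule-based re-derivation of the behaviour signatures listed in this report
from a constructed API trace. Added example, not the sandbox's own logic:
the trace format, the API names standing for each behaviour, the dropped-file
heuristic and the IP-lookup host list are assumptions.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Event:
    pid: int
    api: str      # Win32 API name the trace attributes the action to
    target: str   # file path, registry value path or remote host


# VirtualBox Guest Additions components an evasive sample typically probes.
VBOX_ARTIFACTS = {
    "vboxhook.dll", "vboxmrxnp.dll", "vboxogl.dll", "vboxdisp.dll",
    "vboxservice.exe", "vboxtray.exe",
}
# Public "what is my IP" services (assumption: the report does not name the one used).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ip-api.com",
}
# Trailing backslash so "...\Run\<value>" matches but "...\RunOnce" does not.
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
# HKCU value holding the numeric GeoID of the configured country.
GEO_NATION = "\\control panel\\international\\geo\\nation"

# Signature name -> ATT&CK technique as grouped on this page (standard IDs).
ATTACK_MAP = {
    "Adds Run key to start application":
        "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)",
    "Enumerates VirtualBox DLL files": "Virtualization/Sandbox Evasion (T1497)",
}


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Return {signature name: [evidence targets]} for the signatures that fire.

    Signature names match the report. A file counts as "dropped" when the same
    PID wrote it earlier in the trace (heuristic, an assumption of this example).
    """
    hits: dict[str, list[str]] = {}
    dropped: set[tuple[int, str]] = set()

    def hit(sig: str, evidence: str) -> None:
        hits.setdefault(sig, []).append(evidence)

    for ev in events:
        t = ev.target.lower()
        if ev.api == "WriteFile":
            dropped.add((ev.pid, t))
        elif ev.api == "CreateProcessW" and (ev.pid, t) in dropped:
            hit("Executes dropped EXE", ev.target)
        elif ev.api == "LoadLibraryW" and (ev.pid, t) in dropped:
            hit("Loads dropped DLL", ev.target)
        elif ev.api in {"GetFileAttributesW", "CreateFileW", "LoadLibraryW"} \
                and _name(t) in VBOX_ARTIFACTS:
            hit("Enumerates VirtualBox DLL files", ev.target)
        elif ev.api == "RegQueryValueExW" and t.endswith(GEO_NATION):
            hit("Checks computer location settings", ev.target)
        elif ev.api == "RegSetValueExW" and RUN_KEY in t:
            hit("Adds Run key to start application", ev.target)
        elif ev.api in {"InternetConnectW", "getaddrinfo"} and t in IP_LOOKUP_HOSTS:
            hit("Looks up external IP address via web service", ev.target)
    return hits


def attack_techniques(hits: dict[str, list[str]]) -> list[str]:
    """Map fired signatures to the ATT&CK techniques this page lists."""
    return sorted({ATTACK_MAP[s] for s in hits if s in ATTACK_MAP})


# Constructed trace standing in for the sandbox's API log (not real data).
SAMPLE_TRACE = [
    Event(1000, "LoadLibraryW", r"C:\Windows\System32\kernel32.dll"),        # benign
    Event(1000, "WriteFile", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event(1000, "WriteFile", r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event(1000, "LoadLibraryW", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event(1000, "GetFileAttributesW", r"C:\Windows\System32\VBoxHook.dll"),
    Event(1000, "GetFileAttributesW", r"C:\Windows\System32\VBoxMRXNP.dll"),
    Event(1000, "RegQueryValueExW", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1000, "RegQueryValueExW",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),  # benign
    Event(1000, "RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(1000, "InternetConnectW", "api.ipify.org"),
    Event(1000, "CreateProcessW", r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event(2000, "CreateProcessW", r"C:\Windows\System32\cmd.exe"),            # not dropped
]

if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    for sig, evidence in result.items():
        print(f"{sig}: {evidence}")
    print(attack_techniques(result))
```

The "dropped" rules depend on event order and on the writing PID, which is why the unrelated cmd.exe launch by PID 2000 does not fire; a real trace also needs the child process's PID linked to its parent's writes, which this example does not attempt.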
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)