General
Target: ImageLoggerV9.exe
Size: 74.7MB
Sample: 231126-pdjqfshc41
MD5: 6d32b1f5cb8ef1f0adc48fb9d15c71c2
SHA1: fa197aadb6721117d53d05907e9fc2ba5d14743f
SHA256: 4ec4df15c4127aedd1a468b26c1d6b2ccda6f4f4bfede5d7f6cbe3db96207090
SHA512: 6c043f4e7238afe81dd271cc4cc934ffc769aacce724c6a6d092e8a90e82e3962ebf75099bb87cf10c07dd7fbc31b0448ba57aecbae4f193833194ea9561d480
SSDEEP: 1572864:cT2MueQpjkkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XWKGZjyhfq:0ZueqwkSkB05awS8Rd0eg2zd7XEQhq
Behavioral task: behavioral1
Sample: ImageLoggerV9.exe
Resource: win7-20231025-en

Behavioral task: behavioral2
Sample: ImageLoggerV9.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: ImageLoggerV9.exe
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
- Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)