General
-
Target
source.exe
-
Size
78.6MB
-
Sample
231129-wsa57abd45
-
MD5
cd0ac9444f8c1af2da0ca2b18d38b916
-
SHA1
0dad43e186a4208a5a49bccdcd49fea7cc967ef2
-
SHA256
3a5fc37142b10cae16e14fd10abb8a45b939ee1ce46cac8f72e4c8d787c85940
-
SHA512
cd023073436c3ab1815a2d7be49c6f8f79dd5de2e7a0c8ace2653881f86aa7ee955eb642d5264673c5e7421fce5ab26d32d34b53536fbfe6d38289d075942c12
-
SSDEEP
1572864:K2MbiJR5Q3jZDISk8IpG7V+VPhq+ME73jC/WlsnghowmaOllkWIawZBxWBqX:KZbC++SkB05aw+tuOsghfxOllkdawZnb
Behavioral task
behavioral1
Sample
source.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
source.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
source.exe
-
Size
78.6MB
-
MD5
cd0ac9444f8c1af2da0ca2b18d38b916
-
SHA1
0dad43e186a4208a5a49bccdcd49fea7cc967ef2
-
SHA256
3a5fc37142b10cae16e14fd10abb8a45b939ee1ce46cac8f72e4c8d787c85940
-
SHA512
cd023073436c3ab1815a2d7be49c6f8f79dd5de2e7a0c8ace2653881f86aa7ee955eb642d5264673c5e7421fce5ab26d32d34b53536fbfe6d38289d075942c12
-
SSDEEP
1572864:K2MbiJR5Q3jZDISk8IpG7V+VPhq+ME73jC/WlsnghowmaOllkWIawZBxWBqX:KZbC++SkB05aw+tuOsghfxOllkdawZnb
Score9/10-
Enumerates VirtualBox DLL files
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
3Virtualization/Sandbox Evasion
1