General
Target: Image Logger Creater.exe
Size: 74.5MB
Sample: 231130-z7qe7sag6x
MD5: 86a41dd7f55fa30a6b9aee8e1792906a
SHA1: 733a36437aca64603dffd663032322f7da5bd873
SHA256: 0b3cda79a820f532cf7000c66377cb24a4ed04ce0012ab268b02a5c868c7a1ad
SHA512: 1f5c25cdfd806d26c6e24ae9754c238ef67705947de7617468f418043b147b64d84e5b3298bd13beb89d0d4ad0016341a7c0e17a0fb5e17be39ebaad6c5bf0ff
SSDEEP: 1572864:IPV2MueQpjnkSk8IpG7V+VPhqILE7ARjRnWWWpyppiZzI+hReSW+/8Z5/Rj5:OVZueqzkSkB05awIRRdleg2zdESIrRt
Behavioral task: behavioral1
Sample: Image Logger Creater.exe
Resource: win7-20231025-en

Behavioral task: behavioral2
Sample: Image Logger Creater.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: Image Logger Creater.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)