General

  • Target

    source_prepared.exe

  • Size

    79.6MB

  • Sample

    231212-sp28qaghd3

  • MD5

    f2100c9c730534bbb8d0fad7805d5010

  • SHA1

    90482ed9e68882bc0de35fdc2b1e3c962e43cf91

  • SHA256

    498a8499cc41a87893887a51a8325458d3add125936deb937c20bb7cf13b825d

  • SHA512

    86014d3ce12939059c6068c35a47af1a0648bf1ab5b2653c4aad538dd3dea8291514998258fd8bb06470cc4a0b217c1aae4ff187b5b8a3c79704e15332c3c902

  • SSDEEP

    1572864:72MbiJR5Q3j0D+Sk8IpG7V+VPhqcLE73jC0WlsnghowmaOllpWyXawFBxWBqX:7ZbC+lSkB05awciujsghfxOllp5XawFb

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
