General

  • Target

    source_prepared.exe

  • Size

    79.7MB

  • Sample

    231216-pcsa7scgf5

  • MD5

    32c5c7ffa18383abd22cb9ce689cdb42

  • SHA1

    ed41edf7bef0fab788be07d551b535968970dc9b

  • SHA256

    3b1dd7f9f4874a92c3359a390f70e79e2bf256de7deacd4ea3e2f0e845fd1f12

  • SHA512

    6c3e9bb2614da4de65fc61137b732e47368d84a94022c460151170db97fad64eb963fe2dcb7b461b96e88373980c398f0715ac491e593d3c2060be62f2f6e63f

  • SSDEEP

    1572864:D2MoiJR5Q3jXzIV0Sk8IpG7V+VPhqN+r2E7fjCWWlsnghowmaOllRIrWkawHBSWe:DZoC+7PSkB05awN+rHulsghfxOllRUdJ

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
