General

  • Target

    BlackLine-Logger.exe

  • Size

    74.7MB

  • Sample

    231218-vwl67abhak

  • MD5

    ad820e5e29fe2dd9af12f9872a2ccef1

  • SHA1

    4f2490e9e66e0a2742eafbf5ac7aaec0a954c9fe

  • SHA256

    785b26e6333cb06fb2dd75645a3d9b27fc4ffd42b6a7837b23726bdac9b9ee0b

  • SHA512

    33d9d4b23dad260c926e99de1d55300592d2d2228c1f3250eab30a8fa7b9c78e8593009ba06c4f9a9e3b3be656728b0cc23c309724a6998f0953167e5a142760

  • SSDEEP

    1572864:q2MueQpjSSk8IpG7V+VPhqSSE7VRjRHlWWpyppiZzI+hR1XW63ZB4HD8:qZueqGSkB05awSJRd0eg2zd7XRcj8

Malware Config

Targets

    • Target

      BlackLine-Logger.exe

    • Size

      74.7MB

    • MD5

      ad820e5e29fe2dd9af12f9872a2ccef1

    • SHA1

      4f2490e9e66e0a2742eafbf5ac7aaec0a954c9fe

    • SHA256

      785b26e6333cb06fb2dd75645a3d9b27fc4ffd42b6a7837b23726bdac9b9ee0b

    • SHA512

      33d9d4b23dad260c926e99de1d55300592d2d2228c1f3250eab30a8fa7b9c78e8593009ba06c4f9a9e3b3be656728b0cc23c309724a6998f0953167e5a142760

    • SSDEEP

      1572864:q2MueQpjSSk8IpG7V+VPhqSSE7VRjRHlWWpyppiZzI+hR1XW63ZB4HD8:qZueqGSkB05awSJRd0eg2zd7XRcj8

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks