General

  • Target

    nudes.scr.exe

  • Size

    55.2MB

  • Sample

    231221-v11kdadgc3

  • MD5

    4797f14ef4a490f96479d4ea720e5c31

  • SHA1

    4f766fe3607ba2b8e5bed172510bb8cc7e7c4741

  • SHA256

    5b85773c3aaa690e09ea60b802b9c7a628f2e4823f6a945773938d196f601fc4

  • SHA512

    27e5b5cc4bd600dfb27ca904b55ddcd7f75ac6ae436aaa8b070bb37d41593bf58a032fa7ce905804cc18cae302656294578459f27cfe5d4ea589479aad5c1b14

  • SSDEEP

    1572864:D2MbiJR5Q3jZ8JSk8IpG7V+VPhqF+E7bwjCSKWQScs:DZbC+MSkB05awFMuSK2c

Malware Config

Targets

    • Target

      nudes.scr.exe

    • Size

      55.2MB

    • MD5

      4797f14ef4a490f96479d4ea720e5c31

    • SHA1

      4f766fe3607ba2b8e5bed172510bb8cc7e7c4741

    • SHA256

      5b85773c3aaa690e09ea60b802b9c7a628f2e4823f6a945773938d196f601fc4

    • SHA512

      27e5b5cc4bd600dfb27ca904b55ddcd7f75ac6ae436aaa8b070bb37d41593bf58a032fa7ce905804cc18cae302656294578459f27cfe5d4ea589479aad5c1b14

    • SSDEEP

      1572864:D2MbiJR5Q3jZ8JSk8IpG7V+VPhqF+E7bwjCSKWQScs:DZbC+MSkB05awFMuSK2c

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks