General

  • Target

    4797f14ef4a490f96479d4ea720e5c31.bin

  • Size

    54.9MB

  • Sample

    231223-bvdnwadhcr

  • MD5

    0245ede2177b4ce54596ce69ad71d34c

  • SHA1

    019574eedff9b8143fc21e47a306f942dd934250

  • SHA256

    c5bbb918ea2b6bed840afad956a810f62a593af9b3b8d2795bffd82a11eeadaf

  • SHA512

    65991755ec2c39709086984aca7462d8bca6c06b002883de526d5fc2d38b93eb6b7047b5383507a132e12d07931492b39e23e239d2fe1565dee7bfabb64f1a37

  • SSDEEP

    1572864:uNswugSbR/qxOCW8UeiRnDwmFyJg2uxT8TzDC9H6S:uNsns4CWn1pwQ+PuxTezsX

Malware Config

Targets

    • Target

      5b85773c3aaa690e09ea60b802b9c7a628f2e4823f6a945773938d196f601fc4.exe

    • Size

      55.2MB

    • MD5

      4797f14ef4a490f96479d4ea720e5c31

    • SHA1

      4f766fe3607ba2b8e5bed172510bb8cc7e7c4741

    • SHA256

      5b85773c3aaa690e09ea60b802b9c7a628f2e4823f6a945773938d196f601fc4

    • SHA512

      27e5b5cc4bd600dfb27ca904b55ddcd7f75ac6ae436aaa8b070bb37d41593bf58a032fa7ce905804cc18cae302656294578459f27cfe5d4ea589479aad5c1b14

    • SSDEEP

      1572864:D2MbiJR5Q3jZ8JSk8IpG7V+VPhqF+E7bwjCSKWQScs:DZbC+MSkB05awFMuSK2c

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks