Overview

overview

10

Static

static

10

source_prepared.exe

windows10-2004-x64

1

source_prepared.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    80.2MB

  • Sample

    240409-3chzeshe48

  • MD5

    0650559651125e15b07eb1fc82cc7c5e

  • SHA1

    dc289771ab1b63b38664179f2a9ce1a029e6124c

  • SHA256

    8d6d9687fc09dc9548620bd967bb1f2155aeb7c63a6352fae446ddd3fac5fafe

  • SHA512

    f1a035d44ad5e3f36f1d85c8c7d21e9c17606f2cc11e0ca3450a66ccc396b044a360919d342b226e936d73ec6d0fd435ddb1ff85eeb12f998c0e3e9cee1287ef

  • SSDEEP

    1572864:nvNBYQ3j0gJSk8IpG7V+VPhqcPE70jC2iYgj+h58sMw2WM9/1L4cJzqA:nvNBY+tJSkB05awcVuI5Kl9/Nfq

Score
10/10
pysilonevasionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      80.2MB

    • MD5

      0650559651125e15b07eb1fc82cc7c5e

    • SHA1

      dc289771ab1b63b38664179f2a9ce1a029e6124c

    • SHA256

      8d6d9687fc09dc9548620bd967bb1f2155aeb7c63a6352fae446ddd3fac5fafe

    • SHA512

      f1a035d44ad5e3f36f1d85c8c7d21e9c17606f2cc11e0ca3450a66ccc396b044a360919d342b226e936d73ec6d0fd435ddb1ff85eeb12f998c0e3e9cee1287ef

    • SSDEEP

      1572864:nvNBYQ3j0gJSk8IpG7V+VPhqcPE70jC2iYgj+h58sMw2WM9/1L4cJzqA:nvNBY+tJSkB05awcVuI5Kl9/Nfq

    Score
    9/10
    evasionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks