General
-
Target
exeloader.exe
-
Size
21KB
-
Sample
240510-1p6vxabf3z
-
MD5
9867d6aaf229ae8565e1a242ff100109
-
SHA1
1c9a26cd9be21abfebce4df8d48bd62a2d6b68d1
-
SHA256
5c941f27a15507f9f8528c8bc0886229df59c7f259ef9c4dc5899d98c8b90739
-
SHA512
6288ac7d742b48c124b4ad1ed0bb268c025f54e647bf5e1cd6dedba94a74b68e8d27a3508e9c393e8781ca3dbac2ab0bc04c156d6185ddb3efe01f566f63dd61
-
SSDEEP
384:ZY27x5O/tjLgJ1bbOIJ14jcJdzth6hmtydO9JAcDHNIu9uQsS:Fx5+LgJxbTnzJdpQhBdO9JAcDHFAQs
Malware Config
Targets
-
-
Target
exeloader.exe
-
Size
21KB
-
MD5
9867d6aaf229ae8565e1a242ff100109
-
SHA1
1c9a26cd9be21abfebce4df8d48bd62a2d6b68d1
-
SHA256
5c941f27a15507f9f8528c8bc0886229df59c7f259ef9c4dc5899d98c8b90739
-
SHA512
6288ac7d742b48c124b4ad1ed0bb268c025f54e647bf5e1cd6dedba94a74b68e8d27a3508e9c393e8781ca3dbac2ab0bc04c156d6185ddb3efe01f566f63dd61
-
SSDEEP
384:ZY27x5O/tjLgJ1bbOIJ14jcJdzth6hmtydO9JAcDHNIu9uQsS:Fx5+LgJxbTnzJdpQhBdO9JAcDHFAQs
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1