General
-
Target
lowkey_spoofer_cracked_fixed_by_nemesis_team.exe
-
Size
75.3MB
-
Sample
240701-j7wzzsvamn
-
MD5
c0263a62d2c03a92ab3936520f1a7edb
-
SHA1
79804d69c109308b10123eda45a722508dfc40be
-
SHA256
c824242e6bd784f592d34e6ab946c4784b8144bc15e1e5ad637151ef3a205d12
-
SHA512
19d91f494162b1d7adbd705af565c0cf3137c9617e7328231eeb93a062be2ba189bc9abb8ff5d2e8d5cb2dcf7f63b8bd18ec2132d6b0df3d10c024edeb41322f
-
SSDEEP
1572864:DvFUQpjkuwSk8IpG7V+VPhqS0E7WZRjRH2PRQvS6f97PyhonB08yfXWulZvFVN:DvFUqA7SkB05awSgZRdW2S6f9jnB08Qd
Behavioral task
behavioral1
Sample
lowkey_spoofer_cracked_fixed_by_nemesis_team.exe
Resource
win11-20240508-en
Malware Config
Targets
-
Target
lowkey_spoofer_cracked_fixed_by_nemesis_team.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-