General

  • Target

    source_prepared.exe

  • Size

    32.8MB

  • Sample

    240706-k3fb4stckj

  • MD5

    8f801e19d4f2b2786c39816d5df21db2

  • SHA1

    2a6e42b5bfd6b78fb86b0f689e4bd87cb92c92f2

  • SHA256

    ce5a6765d597aa025c8f4cd0b12364dbd58f2a31066b54a2bab4c880c0189749

  • SHA512

    243c15fefde6b886e3a3d37bb6af7488a2d214438b9224b48436ed9a37007d59d8861979f67eda80c4fdf42e4a6a630cbd5dc2c28f0acbb9177c65093691399d

  • SSDEEP

    786432:+cRl7G5dbTO5zcY876ulhfXWq8vdW8mrXGjijP5MmrB9R:+cRl76dfME7ZltT0WVpj6q

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      32.8MB

    • MD5

      8f801e19d4f2b2786c39816d5df21db2

    • SHA1

      2a6e42b5bfd6b78fb86b0f689e4bd87cb92c92f2

    • SHA256

      ce5a6765d597aa025c8f4cd0b12364dbd58f2a31066b54a2bab4c880c0189749

    • SHA512

      243c15fefde6b886e3a3d37bb6af7488a2d214438b9224b48436ed9a37007d59d8861979f67eda80c4fdf42e4a6a630cbd5dc2c28f0acbb9177c65093691399d

    • SSDEEP

      786432:+cRl7G5dbTO5zcY876ulhfXWq8vdW8mrXGjijP5MmrB9R:+cRl76dfME7ZltT0WVpj6q

    Score
    9/10
    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      204ee497021e32209ddde0c015b4dc19

    • SHA1

      6aa2c039e6b6fbfb3620d4fe42d115553702146b

    • SHA256

      a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2

    • SHA512

      961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12

    • SSDEEP

      96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      100KB

    • MD5

      a16c42a4f0fb5c1d35025ec99e2135d5

    • SHA1

      fa7fa621da00d28e03ff3b3908a9ca23fec41178

    • SHA256

      6c31e5cf27c205e192793e7da557175df8125d4ac94355d38c3a451b44e3d735

    • SHA512

      0db13018ee4391d6f3dc375932e934db2d16d1c34396cfc10dec034cc99eadbe0d9981d6118e343a2e50b64e3e080a43204a0eb65325e373ad895f18660bde86

    • SSDEEP

      3072:u8cUzkogPFLIoVPZTJ0uplQbIvdXzK+siw:ub2koGuoKSpsT

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks