General

  • Target

    unsuspicious file.exe

  • Size

    80.3MB

  • Sample

    240726-cwvt8atejd

  • MD5

    65071c7d10244dab2e3aae614fecb501

  • SHA1

    dbf2562e9a67cae1525d79d8f2a3cd1d550d3c26

  • SHA256

    9b2db23fb8020166424a3c8247d1351e3fbe137221fe2e2199036001ba816748

  • SHA512

    0710aed0a82ce2968d804cc71cfdda03b7f6f08353de6a2d721100d1b7e4c11a605fe06d869cba39dee4a129de4431dcdc6fe6c5d53e1fab27067b62269c168c

  • SSDEEP

    1572864:CvxZQgl0b7vaSk8IpG7V+VPhqcPE7hlgkiYgj+h58sMwVWt9pSFcJz7:CvxZxgeSkB05awcSeu5BY9p17
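The hash set above is what you compare against to confirm you are holding the same 80.3MB sample, and the UPX verdict later in this report is drawn from the PE section table. The following is an added example, not code from the report or the sandbox, that computes the same four hashes for a file and checks the section names for stock UPX markers; the minimal PE it builds with build_minimal_pe() is constructed for the demo and is not the analysed file.

```python
"""Static triage of a sample: compute the report's hash set and check the PE
section table for UPX markers.  Added example, not part of the sandbox
report; the minimal PE built by build_minimal_pe() is constructed for the
demo and is not the analysed file."""
import hashlib
import struct
import sys

SECTION_HEADER_SIZE = 40      # IMAGE_SECTION_HEADER is 40 bytes
COFF_HEADER_SIZE = 20         # IMAGE_FILE_HEADER is 20 bytes
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 as hex, the set most sandbox reports list."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Parse the section table of a PE image and return the section names;
    returns [] when the data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if coff + COFF_HEADER_SIZE > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_header_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_header_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break
        raw = data[off:off + 8].split(b"\0", 1)[0]
        names.append(raw.decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and writes a 'UPX!' magic into
    the packed header.  Modified UPX builds often rename the sections and
    scrub the magic, so a negative result here does not rule packing out."""
    if any(name in UPX_SECTION_NAMES for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def triage(data: bytes) -> dict:
    """Combine the checks into one record, the shape a report would show."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
    }


def build_minimal_pe(section_names) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header with a
    zero-length optional header, and one section header per name.  Not
    loadable by Windows; just enough for pe_section_names() to parse."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH",
                       0x14C,               # Machine: i386
                       len(section_names),  # NumberOfSections
                       0, 0, 0,             # TimeDateStamp, symtab ptr/count
                       0,                   # SizeOfOptionalHeader
                       0x102)               # Characteristics: EXE, 32-bit
    image = bytes(dos) + b"PE\0\0" + coff
    for name in section_names:
        image += name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
    return image


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    sample = open(path, "rb").read() if path else build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(sample))
```

Run it with the sample path as the only argument and compare the printed hashes with the ones listed above; a mismatch means a different file, not a different analysis. Section names are a weak indicator on their own, which is why the report phrases its signature as "UPX/modified UPX": a repacked variant can rename UPX0/UPX1 and strip the magic.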

Targets

    • Target

      unsuspicious file.exe

    • Size

      80.3MB

    • MD5

      65071c7d10244dab2e3aae614fecb501

    • SHA1

      dbf2562e9a67cae1525d79d8f2a3cd1d550d3c26

    • SHA256

      9b2db23fb8020166424a3c8247d1351e3fbe137221fe2e2199036001ba816748

    • SHA512

      0710aed0a82ce2968d804cc71cfdda03b7f6f08353de6a2d721100d1b7e4c11a605fe06d869cba39dee4a129de4431dcdc6fe6c5d53e1fab27067b62269c168c

    • SSDEEP

      1572864:CvxZQgl0b7vaSk8IpG7V+VPhqcPE7hlgkiYgj+h58sMwVWt9pSFcJz7:CvxZxgeSkB05awcSeu5BY9p17

    • Enumerates VirtualBox DLL files

      Looks for VirtualBox guest DLLs on disk, a common check for whether the sample is running inside a virtual machine or sandbox.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that the excluded items are no longer scanned.

    • Sets file to hidden

      Sets the hidden attribute on a file so that it is not shown in Explorer or other default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it; modified builds often rename the UPX0/UPX1 sections, so the match is heuristic.

    • Adds Run key to start application

      Writes a value under the registry Run key so that the application is started again at user logon.

    • Legitimate hosting services abused for malware hosting/C2

      Contacts a legitimate hosting service of the kind commonly abused to host payloads or act as command and control, which blends the traffic in with normal use of that service.
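The signatures above are behavioural: each one fires on something the sample did during the run. The following is an added example, not the sandbox's own detection code, that expresses the same signatures as patterns over a simplified event log and pulls out the Defender exclusions the PowerShell command added. The event lines and the abused-host watchlist are constructed for the demo and do not describe what this particular sample contacted or wrote.

```python
"""Behavioural triage: run the report's signatures as regexes over sandbox
events.  Added example, not part of the sandbox report or its tooling; the
event lines and the abused-host watchlist below are constructed for the
demo and do not describe what this sample actually did."""
import re

# Constructed events in a simplified "kind: detail" form (not the report's format).
SAMPLE_EVENTS = [
    r'cmd: powershell.exe -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming"',
    r'cmd: powershell.exe -Command Add-MpPreference -ExclusionExtension ".exe"',
    r'cmd: powershell.exe -Command Add-MpPreference -ExclusionProcess "unsuspicious file.exe"',
    r'cmd: cmd.exe /c attrib +h +s "C:\Users\user\AppData\Roaming\update.exe"',
    r'api: SetFileAttributesW(C:\Users\user\AppData\Roaming\update.exe, FILE_ATTRIBUTE_HIDDEN)',
    r'reg: SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\user\AppData\Roaming\update.exe',
    r'file: FindFirstFileW C:\Windows\System32\vboxmrxnp.dll',
    r'file: FindFirstFileW C:\Windows\System32\VBoxHook.dll',
    r'net: connect cdn.discordapp.com:443',
    r'cmd: notepad.exe C:\Users\user\notes.txt',
]

# Illustrative watchlist of legitimate services commonly abused for payload
# hosting or C2 (an assumption for the demo, not taken from the report).
ABUSED_HOSTS = ("cdn.discordapp.com", "pastebin.com",
                "raw.githubusercontent.com", "transfer.sh")

# One pattern per signature name used in the report.
SIGNATURES = {
    "Command and Scripting Interpreter: PowerShell": re.compile(
        r"powershell.*\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)", re.I),
    "Sets file to hidden": re.compile(
        r"(\battrib\b.*\+h\b|SetFileAttributes\w*\(.*FILE_ATTRIBUTE_HIDDEN)", re.I),
    "Adds Run key to start application": re.compile(
        r"\\CurrentVersion\\(Run|RunOnce)\\", re.I),
    "Enumerates VirtualBox DLL files": re.compile(
        r"\\vbox\w*\.dll\b", re.I),
    "Legitimate hosting services abused for malware hosting/C2": re.compile(
        r"\b(" + "|".join(re.escape(h) for h in ABUSED_HOSTS) + r")\b", re.I),
}

# -ExclusionPath "quoted value" or -ExclusionExtension bareword
EXCLUSION_ARG = re.compile(
    r'-Exclusion(Path|Extension|Process)\s+(?:"([^"]*)"|(\S+))', re.I)


def match_signatures(events):
    """Return {signature name: [matching events]} for the signatures that hit."""
    hits = {}
    for event in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(event):
                hits.setdefault(name, []).append(event)
    return hits


def defender_exclusions(events):
    """Extract (kind, value) pairs from Add-/Set-MpPreference exclusion commands,
    which tells you what Defender will now skip on the victim."""
    found = []
    powershell = SIGNATURES["Command and Scripting Interpreter: PowerShell"]
    for event in events:
        if not powershell.search(event):
            continue
        for m in EXCLUSION_ARG.finditer(event):
            found.append((m.group(1).capitalize(), m.group(2) or m.group(3)))
    return found


if __name__ == "__main__":
    for name, events in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for ev in events:
            print("   ", ev)
    print("Defender exclusions:", defender_exclusions(SAMPLE_EVENTS))
```

The exclusion extraction is the part worth keeping after triage: an excluded path or process name is a concrete remediation item (remove it with Remove-MpPreference on the host) and a hunting pivot across the fleet, whereas the signature names alone only say that something of that class happened.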

MITRE ATT&CK Enterprise v15
