General

  • Target

    wow.exe

  • Size

    104.1MB

  • Sample

    240726-zjswesxapc

  • MD5

    86b2e00613d2c563bec0880718ff7608

  • SHA1

    e1aa2e01ca9e5e3ffa488981528d49310f8e397b

  • SHA256

    03e8e70854eaa2bcb350e98d9901b3d1bd35c59c4e81227f49a9d5f3f1e5be90

  • SHA512

    7dd36e4ba13bd50e99c31238748113694d89aec1e3a11b1f56daf2903297dbafd5f631fd8bd37bc63ab316e345ed4a3470cc76c3b74de262d6ca67fcf15728be

  • SSDEEP

    3145728:0COb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWpMs9U:egSWNaIsHCiH1XcBWn

Malware Config

Targets

    • Target

      wow.exe

    • Size

      104.1MB

    • MD5

      86b2e00613d2c563bec0880718ff7608

    • SHA1

      e1aa2e01ca9e5e3ffa488981528d49310f8e397b

    • SHA256

      03e8e70854eaa2bcb350e98d9901b3d1bd35c59c4e81227f49a9d5f3f1e5be90

    • SHA512

      7dd36e4ba13bd50e99c31238748113694d89aec1e3a11b1f56daf2903297dbafd5f631fd8bd37bc63ab316e345ed4a3470cc76c3b74de262d6ca67fcf15728be

    • SSDEEP

      3145728:0COb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWpMs9U:egSWNaIsHCiH1XcBWn

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks