General
Target: source_prepared.rar
Size: 74.9MB
Sample: 240729-ehy1tsscmk
MD5: 85bd675392ce59fc6b8756f03d5453db
SHA1: e245841a5461676ddb7d961476756a6d74efb2f3
SHA256: 511b184ad3a9ce8a213af999fa5ef2cb7c8151572de0271fe6f8bba132bf6674
SHA512: 1a683c8fa08ea501f61df4798b1959ac36a0400e65a6ca41dfb8e63d7faf260a702da22764783b6cb717429b3988bf2d5e025ccc05a86a57d7342bbfccffa891
SSDEEP: 1572864:pFy2HOX1MYhchD/PvdSPtzMj6hXWOYyWtD4uxyaAftOQ:Dy2PkeD/9MRMj6B9daD49P
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: source_prepared.exe
Resource: win10v2004-20240709-en
Malware Config
(none extracted)

Targets
Target: source_prepared.exe
Size: 78.5MB
MD5: c2bfb78460bde129040d0666f6996098
SHA1: 499bd8919bc230a439958c27f69ad60d66ed6f87
SHA256: ce285a69a9112c9802ba891e81cd3100ff4e1b7ddd22a83d76a954a0d569318d
SHA512: f04a84b20268009010d36363944c453544698bacdbd3912022abbcd2b883b4bc32e69fdda93d18ab87c4646536647fe9714cde3be9fb9fcb691ef853e7e24f16
SSDEEP: 1572864:ZvHcRlVh7vXSk8IpG7V+VPhqWdfME7ZlH/iYweyJulZUdgu0WVgjvcRqZ9UdS:ZvHcRHhTSkB05awqfvdQpuK0cUd9U
Score: 9/10

Signatures
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)