General

  • Target

    source_prepared.rar

  • Size

    74.9MB

  • Sample

    240729-ehy1tsscmk

  • MD5

    85bd675392ce59fc6b8756f03d5453db

  • SHA1

    e245841a5461676ddb7d961476756a6d74efb2f3

  • SHA256

    511b184ad3a9ce8a213af999fa5ef2cb7c8151572de0271fe6f8bba132bf6674

  • SHA512

    1a683c8fa08ea501f61df4798b1959ac36a0400e65a6ca41dfb8e63d7faf260a702da22764783b6cb717429b3988bf2d5e025ccc05a86a57d7342bbfccffa891

  • SSDEEP

    1572864:pFy2HOX1MYhchD/PvdSPtzMj6hXWOYyWtD4uxyaAftOQ:Dy2PkeD/9MRMj6B9daD49P

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      78.5MB

    • MD5

      c2bfb78460bde129040d0666f6996098

    • SHA1

      499bd8919bc230a439958c27f69ad60d66ed6f87

    • SHA256

      ce285a69a9112c9802ba891e81cd3100ff4e1b7ddd22a83d76a954a0d569318d

    • SHA512

      f04a84b20268009010d36363944c453544698bacdbd3912022abbcd2b883b4bc32e69fdda93d18ab87c4646536647fe9714cde3be9fb9fcb691ef853e7e24f16

    • SSDEEP

      1572864:ZvHcRlVh7vXSk8IpG7V+VPhqWdfME7ZlH/iYweyJulZUdgu0WVgjvcRqZ9UdS:ZvHcRHhTSkB05awqfvdQpuK0cUd9U

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks