General

  • Target: source_prepared.exe
  • Size: 80.9MB
  • Sample: 240729-fy43fsyflc
  • MD5: d59ea679f2426ed83f766aff300a2248
  • SHA1: 71d09a8184b04a5c900013a9666e8963ef4c151f
  • SHA256: 5f4d6f76d818add8fd04b0883a813618e1ff2d2be6a1643916b672c61e5d41cb
  • SHA512: 89264e72e2eac230b789a53ce7eaa243d2db76f29c818afab5014b9cd7dff47b6e858c07390afc3cdcb67370a6165909722048540d62a68e4137db5b53f17ee3
  • SSDEEP: 1572864:uvxZQglXEo7vaSk8IpG7V+VPhqO+ydE7UlgSiYgj+h58sMwIIKW49xqScJX0:uvxZxRleSkB05awO+ypec5k1p9xA0

Targets

    • Enumerates VirtualBox DLL files
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
    • Sets file to hidden
      Modifies file attributes so the file is not shown in Explorer and similar tools.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Adds Run key to start application
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
