General
Target: 1fee49039268102b38572d91df65fdaa.bin
Size: 77.5MB
Sample: 240730-bgk6sszepj
MD5: 1fee49039268102b38572d91df65fdaa
SHA1: 1cbfdc7bf14d72bf5ad2a697eb76cc89c52bfede
SHA256: d7233aa2661a9eaa2d57a40296d4701bace72b421423c72e8d090bd8a3704a3d
SHA512: 77ac40ddaa387df0c448e8f36d8c9110649ecff8517c2d5c25903f217f79d89aea88d8b09054e54b5bf1f8e111177adfa689ae6471cf9608fa665629f5e97309
SSDEEP: 1572864:7vHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4rj6uxa/Z9UK:7vHcRohTSkB05awqfhdCpukdRXTs9U
Behavioral task: behavioral1
Sample: 1fee49039268102b38572d91df65fdaa.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 1fee49039268102b38572d91df65fdaa.exe
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: 1fee49039268102b38572d91df65fdaa.bin
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2