General

  • Target: 1fee49039268102b38572d91df65fdaa.bin

  • Size: 77.5MB

  • Sample: 240730-bgk6sszepj

  • MD5: 1fee49039268102b38572d91df65fdaa

  • SHA1: 1cbfdc7bf14d72bf5ad2a697eb76cc89c52bfede

  • SHA256: d7233aa2661a9eaa2d57a40296d4701bace72b421423c72e8d090bd8a3704a3d

  • SHA512: 77ac40ddaa387df0c448e8f36d8c9110649ecff8517c2d5c25903f217f79d89aea88d8b09054e54b5bf1f8e111177adfa689ae6471cf9608fa665629f5e97309

  • SSDEEP: 1572864:7vHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4rj6uxa/Z9UK:7vHcRohTSkB05awqfhdCpukdRXTs9U

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks