General
-
Target
DW_Reynolds_Alpha_V1.07.exe
-
Size
62.4MB
-
Sample
240730-bq5xka1akq
-
MD5
06e8ec8d1efc24b6c2701f795e908006
-
SHA1
0e8d0a32b502261c3ab4ae838109ad9ca749bd51
-
SHA256
9acd6adce129806682ec02315eec146bb0a6d999e43f00b4c2f8f0d60cb32cfd
-
SHA512
984cd1aef8d1012140ae7630d53a9aa7d0bb42b098348515bc5e4f876096e64d1811e32f7a67304bdf0a566ecb8cd15682c48b5ba1bc8fc0a3ac4f838c1bc288
-
SSDEEP
1572864:n3QtdirAH8+1osuTCSxOB6xMLiIf2qHWB75ilsZo0WX3Dxo:3kS6xjKcBa6f2qHO5iOW02zS
Behavioral task
behavioral1
Sample
DW_Reynolds_Alpha_V1.07.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
DW_Reynolds_Alpha_V1.07.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
DW_Reynolds_Alpha_V1.07.exe
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-