Resubmissions

30-07-2024 01:25

240730-bta7cs1bkq 10

30-07-2024 01:21

240730-bq5xka1akq 10

30-07-2024 01:18

240730-bn9gzazhmk 10

General

  • Target

    DW_Reynolds_Alpha_V1.07.exe

  • Size

    62.4MB

  • Sample

    240730-bta7cs1bkq

  • MD5

    06e8ec8d1efc24b6c2701f795e908006

  • SHA1

    0e8d0a32b502261c3ab4ae838109ad9ca749bd51

  • SHA256

    9acd6adce129806682ec02315eec146bb0a6d999e43f00b4c2f8f0d60cb32cfd

  • SHA512

    984cd1aef8d1012140ae7630d53a9aa7d0bb42b098348515bc5e4f876096e64d1811e32f7a67304bdf0a566ecb8cd15682c48b5ba1bc8fc0a3ac4f838c1bc288

  • SSDEEP

    1572864:n3QtdirAH8+1osuTCSxOB6xMLiIf2qHWB75ilsZo0WX3Dxo:3kS6xjKcBa6f2qHO5iOW02zS

Malware Config

Targets

    • Target

      DW_Reynolds_Alpha_V1.07.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file does not show in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
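The signatures above describe behaviours a responder would want to find in their own process, registry and file telemetry, not only in the sandbox. The following script, added here as an example and not part of the sandbox report or the sample, shows detection logic for four of them: Defender exclusions added through PowerShell (and which exclusions were added), a file being set hidden, a Run-key write, and VirtualBox DLL lookups. The event format, the list of VirtualBox DLL names and the sample events are constructed assumptions; the report names none of them.

```python
"""Triage helper for the behaviours listed in the sandbox signatures.

Added example, not code from the report. Event layout, the VirtualBox DLL
list and SAMPLE_EVENTS are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str          # "process" (detail = command line), "registry" (detail = value path), "file" (detail = path)
    image: str         # process that produced the event
    detail: str
    flags: str = ""    # file events only: attribute flags seen on the call, e.g. "FILE_ATTRIBUTE_HIDDEN"


# Add-/Set-MpPreference with an -Exclusion* parameter. Get-MpPreference is a read and is ignored.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)
# One -ExclusionX value: single-quoted, double-quoted, or a bare comma-separated list.
EXCLUSION_ARG = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:'([^']*)'|\"([^\"]*)\"|([^\s,]+(?:,[^\s,]+)*))",
    re.IGNORECASE,
)
# attrib +h from a shell; API-level hidden attributes arrive as file-event flags instead.
ATTRIB_HIDDEN = re.compile(r"\battrib(?:\.exe)?\b.*\+h\b", re.IGNORECASE)
# A value written directly under ...\CurrentVersion\Run or RunOnce (HKCU or HKLM).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)
# VirtualBox guest-additions binaries commonly probed by VM checks (assumed list).
VBOX_DLLS = {"vboxhook.dll", "vboxmrxnp.dll", "vboxogl.dll", "vboxdisp.dll", "vboxsf.sys"}


def defender_exclusions(cmdline: str) -> dict[str, list[str]]:
    """Return the exclusions an Add-/Set-MpPreference command line adds, keyed by path/extension/process."""
    out: dict[str, list[str]] = {}
    if not DEFENDER_EXCLUSION.search(cmdline):
        return out
    for m in EXCLUSION_ARG.finditer(cmdline):
        raw = m.group(2) or m.group(3) or m.group(4) or ""
        out.setdefault(m.group(1).lower(), []).extend(v.strip() for v in raw.split(",") if v.strip())
    return out


def classify(event: Event) -> list[str]:
    """Return the signature names an event matches (possibly none)."""
    tags = []
    if event.kind == "process" and DEFENDER_EXCLUSION.search(event.detail):
        tags.append("defender_exclusion_via_powershell")
    if (event.kind == "process" and ATTRIB_HIDDEN.search(event.detail)) or \
       (event.kind == "file" and "FILE_ATTRIBUTE_HIDDEN" in event.flags):
        tags.append("sets_file_hidden")
    if event.kind == "registry" and RUN_KEY.search(event.detail):
        tags.append("run_key_persistence")
    if event.kind == "file" and event.detail.rsplit("\\", 1)[-1].lower() in VBOX_DLLS:
        tags.append("enumerates_virtualbox_dlls")
    return tags


def triage(events: list[Event]) -> dict[str, list[Event]]:
    """Group events by matched signature; signatures with no hits are absent from the result."""
    hits: dict[str, list[Event]] = defaultdict(list)
    for ev in events:
        for tag in classify(ev):
            hits[tag].append(ev)
    return dict(hits)


# Constructed sample telemetry (not taken from the report's task logs).
SAMPLE_EVENTS = [
    Event("process", "powershell.exe",
          "powershell.exe -nop -w hidden -c \"Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
          "-ExclusionExtension 'exe' -ExclusionProcess 'loader.exe'\""),
    Event("process", "powershell.exe", "powershell.exe -c Get-MpPreference"),          # read only: no hit
    Event("process", "cmd.exe", 'cmd.exe /c attrib +h +s "C:\\Users\\Public\\loader.exe"'),
    Event("file", "loader.exe", "C:\\Users\\Public\\loader.exe", flags="FILE_ATTRIBUTE_HIDDEN"),
    Event("registry", "loader.exe", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    Event("registry", "loader.exe", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"),
    Event("file", "loader.exe", "C:\\Windows\\System32\\VBoxHook.dll"),
    Event("file", "loader.exe", "C:\\Windows\\System32\\VBoxMRXNP.dll"),
    Event("file", "explorer.exe", "C:\\Users\\Public\\readme.txt"),                  # benign: no hit
]

if __name__ == "__main__":
    for tag, evs in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{tag}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev.image}: {ev.detail}")
    print("exclusions:", defender_exclusions(SAMPLE_EVENTS[0].detail))
```

The exclusion parser deliberately stops at the plain quoting forms; PowerShell array syntax (`@('a','b')`) and abbreviated parameter names are not handled, so a hit from the looser `DEFENDER_EXCLUSION` pattern with an empty `defender_exclusions()` result is itself worth a look rather than a reason to discard the event.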

MITRE ATT&CK Enterprise v15

Tasks