General

  • Target

    source_prepared.exe

  • Size

    103.6MB

  • Sample

    240801-kx1qvsxalf

  • MD5

    455a9b01120f5117ffbfcba000b87027

  • SHA1

    f903c72e054a3298a67f5301898362d9b2278eb4

  • SHA256

    39efcea56e5c786d357d12a813906571bd489b6cd78aa00ed51ed3b612662516

  • SHA512

    92219d2ba9517a9881f96ec40ca48f373de2e1d99d4c9bd3ece792ee9c08ee5e51e034dfac781e4417606d6bd65274c233b1df372b778bb0060c57b5f39194ff

  • SSDEEP

    3145728:igOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWNs9U:GgSWNaIsHCiH1XcBWy

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      103.6MB

    • MD5

      455a9b01120f5117ffbfcba000b87027

    • SHA1

      f903c72e054a3298a67f5301898362d9b2278eb4

    • SHA256

      39efcea56e5c786d357d12a813906571bd489b6cd78aa00ed51ed3b612662516

    • SHA512

      92219d2ba9517a9881f96ec40ca48f373de2e1d99d4c9bd3ece792ee9c08ee5e51e034dfac781e4417606d6bd65274c233b1df372b778bb0060c57b5f39194ff

    • SSDEEP

      3145728:igOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWNs9U:GgSWNaIsHCiH1XcBWy

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks