General
-
Target
source_prepared.exe
-
Size
77.7MB
-
Sample
240802-hgb2fs1erj
-
MD5
345994b97111f90fca04de68f88f4318
-
SHA1
21d2b50a7f94ce86136a09e7e512401dfbf02e9b
-
SHA256
6ab3fe026f677d339feaf36ad5058f55eb1d9b86e199b6133dd81822e20d1c44
-
SHA512
539c3f75b73fc828ac3a0e7b309b0f9b98b5b8cba06d536e8a9b6c6d8ca0dc9b02a1ef840b04a4c15dfbf9a980c38c7fefb33cf115e15c1d153361cccfd0e258
-
SSDEEP
1572864:fvHcRlqZh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4nauxa/Z9UN/:fvHcRAhTSkB05awqfhdCpukdRzs9U
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-