General
Target: Amethyst+Executor+Demo.exe
Size: 81.4MB
Sample: 240802-t3ng6a1fjn
MD5: 3d934c86b6878a52b673ee98688d396c
SHA1: eb8e9016ca89689f8cd038f9e1e37090d1ef7df6
SHA256: f194d4c0f9f3f95bff5034e093de766bace597191e896c9c90c435f505c34b5d
SHA512: fea747746dd95c9264cbb59ce7dc354808a6085e4cd4945b58fcc6e9186dc00528935e5aced6dfbd8c2a3909690f8fb6d2124327f59166d7065ccc000216c098
SSDEEP: 1572864:t0bZQxlCCz7vaSk8IpG7V+VPhqF6E7HslgwIiYgj+h58sMwEWa1gbq3RR:t0bZIlzeSkB05awFwewa5AP3
Behavioral task: behavioral1
Sample: Amethyst+Executor+Demo.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target
Amethyst+Executor+Demo.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2