General
- Target: picgnp.scr
- Size: 103.4MB
- Sample: 240802-vdjckssakp
- MD5: 7fd990bec5ae21e2e4f0d750a32be33c
- SHA1: a8229c4bdc1c9caef286bd2318937bf230c37948
- SHA256: 1e06cfab030ab6f15445eb936f6031f86984e86e6f9c6876bd568015813c79ad
- SHA512: b9d1c85f2b0aee82f8cdbbb7300af2da86c263189220ef67c01c0abc0ed72e22b7aec8fabce9a9cfd7c91cf91de49ed944795ab2c0017345d9edb7bface1a431
- SSDEEP: 3145728:GgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWSs9U:CgSWNaIsHCiH1XcBWP
Behavioral tasks
- behavioral1: sample picgnp.scr, resource win7-20240708-en
- behavioral2: sample picgnp.scr, resource win10v2004-20240802-en
- behavioral3: sample source_prepared.pyc, resource win7-20240704-en
- behavioral4: sample source_prepared.pyc, resource win10v2004-20240802-en
Malware Config
Targets

Target: picgnp.scr
- Size: 103.4MB
- Score: 9/10
- Signatures:
  - Enumerates VirtualBox DLL files
  - Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes)
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Legitimate hosting services abused for malware hosting/C2

Target: source_prepared.pyc
- Size: 168KB
- MD5: 73d836bbd8abcb0b9534b40c5fb757ae
- SHA1: 50964c6fd1f289b1d79bc9c5dd83081c29e40039
- SHA256: be42ebaf02f10990477d8a358d100cb8e3284ea5f57677503db98ab272d149e0
- SHA512: d3ee98f35467da085311f5776520c6a9215d652207b1a9156c458c4508664b78370d44eb413f1c71d1f910811b31fb66e04b4eb175d3521752ff3bcd379d9e65
- SSDEEP: 3072:s4f5aOO2UaSMS46o4PZTJ0pZXScT0wfxIvdXz4sTWP:sa5aOO2UaSc6ojpUY0wfnsS
- Score: 3/10

MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Hide Artifacts (2)
    - Hidden Files and Directories (2)
  - Modify Registry (1)
  - Virtualization/Sandbox Evasion (1)