General

  • Target

    pic‮gnp.scr

  • Size

    103.4MB

  • Sample

    240802-vdjckssakp

  • MD5

    7fd990bec5ae21e2e4f0d750a32be33c

  • SHA1

    a8229c4bdc1c9caef286bd2318937bf230c37948

  • SHA256

    1e06cfab030ab6f15445eb936f6031f86984e86e6f9c6876bd568015813c79ad

  • SHA512

    b9d1c85f2b0aee82f8cdbbb7300af2da86c263189220ef67c01c0abc0ed72e22b7aec8fabce9a9cfd7c91cf91de49ed944795ab2c0017345d9edb7bface1a431

  • SSDEEP

    3145728:GgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWSs9U:CgSWNaIsHCiH1XcBWP

Malware Config

Targets

    • Target

      pic‮gnp.scr

    • Size

      103.4MB

    • MD5

      7fd990bec5ae21e2e4f0d750a32be33c

    • SHA1

      a8229c4bdc1c9caef286bd2318937bf230c37948

    • SHA256

      1e06cfab030ab6f15445eb936f6031f86984e86e6f9c6876bd568015813c79ad

    • SHA512

      b9d1c85f2b0aee82f8cdbbb7300af2da86c263189220ef67c01c0abc0ed72e22b7aec8fabce9a9cfd7c91cf91de49ed944795ab2c0017345d9edb7bface1a431

    • SSDEEP

      3145728:GgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWSs9U:CgSWNaIsHCiH1XcBWP

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      source_prepared.pyc

    • Size

      168KB

    • MD5

      73d836bbd8abcb0b9534b40c5fb757ae

    • SHA1

      50964c6fd1f289b1d79bc9c5dd83081c29e40039

    • SHA256

      be42ebaf02f10990477d8a358d100cb8e3284ea5f57677503db98ab272d149e0

    • SHA512

      d3ee98f35467da085311f5776520c6a9215d652207b1a9156c458c4508664b78370d44eb413f1c71d1f910811b31fb66e04b4eb175d3521752ff3bcd379d9e65

    • SSDEEP

      3072:s4f5aOO2UaSMS46o4PZTJ0pZXScT0wfxIvdXz4sTWP:sa5aOO2UaSc6ojpUY0wfnsS

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks