General

  • Target

    source_prepared.exe

  • Size

    36.6MB

  • Sample

    240802-vjwvvsxbka

  • MD5

    46709edf42b1b832c23baae96a3f97ba

  • SHA1

    c26c39cdbbaa987d77318e476335e49e75855679

  • SHA256

    8086614336a15f4cf834ede34b8b1e0bafb0be71c436baabbac9bbd2de348caa

  • SHA512

    824bc9676aed8ea01be0335ddfa35cb2caeda92d155bf40f2c9df1977619779258723fe0bc36018a94e6f783e157ec75d6cc3dfde2d658968175b72e2d8e58e6

  • SSDEEP

    786432:I9Z9HcRl0ph7vDldbTO5zcY876uFlvfXee7K8vCW8zlTT0TnFKg/YFrhaSe+:qvHcRl0ph7vBdfME7FFlHFudW4ViodfO

Malware Config

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

      Looks for VirtualBox guest-additions DLLs, a common check for whether the sample is running inside a virtual machine or sandbox.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Adds Run key to start application

      Writes a value under a Run registry key so the application is started again at logon (persistence).

    • Legitimate hosting services abused for malware hosting/C2
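
The three host-side behaviours above (Defender exclusions added through PowerShell, a file set to hidden, and a Run-key autostart) are the ones most worth turning into detections. The script below is an added example, not part of the sandbox report and not telemetry recorded from this sample: it runs three checks over constructed Sysmon-style events (process creation and registry value-set records, built inline and labelled as such) and tags each hit with the ATT&CK Enterprise technique ID I would map it to. The command lines, paths and registry key in the events are invented for illustration.

```python
import re

# Constructed Sysmon-style events standing in for the behaviours listed above.
# These are illustrative and were NOT recorded from source_prepared.exe.
SAMPLE_EVENTS = [
    {  # Event 1 (process create): Defender exclusions added via PowerShell
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": (
            'powershell -nop -w hidden -c "Add-MpPreference -ExclusionPath C:\\Users\\Public '
            '-ExclusionExtension exe -ExclusionProcess updater.exe"'
        ),
    },
    {  # Event 1 (process create): dropped file marked hidden + system
        "EventID": 1,
        "Image": r"C:\Windows\System32\attrib.exe",
        "CommandLine": 'attrib +h +s "C:\\Users\\Public\\updater.exe"',
    },
    {  # Event 13 (registry value set): autostart under the per-user Run key
        "EventID": 13,
        "Image": r"C:\Users\Public\updater.exe",
        "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\Public\updater.exe",
    },
    {  # Event 1: benign PowerShell that must not fire
        "EventID": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell -c "Get-Process | Select-Object -First 5"',
    },
]

# Cmdlets that change Defender preferences, and the exclusion parameters they take.
MP_EXCLUSION_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b(?P<args>.*)")
EXCLUSION_ARG_RE = re.compile(
    r'(?i)-Exclusion(?P<kind>Path|Extension|Process|IpAddress)\s+(?P<value>"[^"]*"|\S+)'
)
# attrib.exe with +h, or a PowerShell command that sets the Hidden attribute.
HIDDEN_RE = re.compile(r"(?i)(?:\battrib(?:\.exe)?\b.*\s\+h\b)|(?:Attributes\b.*\bHidden\b)")
# Run / RunOnce keys under any hive prefix (HKCU, HKLM, HKU\<SID>, Wow6432Node).
RUN_KEY_RE = re.compile(
    r"(?i)\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\"
)


def check_defender_exclusion(event):
    """T1562.001 (Impair Defenses) via T1059.001: PowerShell adding Defender exclusions."""
    cmd = event.get("CommandLine", "")
    m = MP_EXCLUSION_RE.search(cmd)
    if not m:
        return None
    # Collect every -Exclusion* argument; a trailing quote from the -c "..." wrapper is stripped.
    exclusions = [(kind.lower(), value.strip('"')) for kind, value in EXCLUSION_ARG_RE.findall(m.group("args"))]
    if not exclusions:
        return None
    return {"technique": "T1562.001", "image": event.get("Image"), "exclusions": exclusions}


def check_hidden_attribute(event):
    """T1564.001 (Hidden Files and Directories): file attributes changed to hide a file."""
    cmd = event.get("CommandLine", "")
    if not HIDDEN_RE.search(cmd):
        return None
    return {"technique": "T1564.001", "image": event.get("Image"), "command": cmd}


def check_run_key(event):
    """T1547.001 (Registry Run Keys): value written under Run/RunOnce (Sysmon event 13)."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    return {"technique": "T1547.001", "image": event.get("Image"),
            "key": target, "value": event.get("Details")}


CHECKS = (check_defender_exclusion, check_hidden_attribute, check_run_key)


def triage(events):
    """Run every check over every event and return the findings in event order."""
    findings = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The Defender check deliberately matches both Add-MpPreference and Set-MpPreference, since either can introduce exclusions, and the Run-key pattern accepts the HKU\<SID> form Sysmon logs for per-user hives as well as HKCU/HKLM and the Wow6432Node path. On real telemetry, feed it the CommandLine / TargetObject fields from Sysmon events 1 and 13 (or the equivalent EDR fields) rather than the constructed list.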

MITRE ATT&CK Enterprise v15

Tasks