General

  • Target: Token generator.exe
  • Size: 75.4MB
  • Sample: 240802-yvn6yataqf
  • MD5: 3ae547080f415b90e80e88bc0a825d11
  • SHA1: 5988149170a1775e643fff319065ca37f2f09b68
  • SHA256: 4ebc5284438a60472271187a188e77e852762e573676505556ccf56b19946e62
  • SHA512: eccbe74da1801bdc4edc0dc749129331186701c85b5ef083b4d3fbc953d80782a0ca5b908cb53bbe7a310d9aab175285f1e276b6058a906d67d00a6b6ff9b82f
  • SSDEEP: 1572864:ivhQ6lNy7vDSk8IpG7V+VPhqWK8pE7WTDlPNiY4MHHLeqPNLtDSHWirZ2Qa:ivh1qPSkB05awWK8TTD5CMHVLtOXrja

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks