General
-
Target
Token generator.exe
-
Size
75.4MB
-
Sample
240802-yvn6yataqf
-
MD5
3ae547080f415b90e80e88bc0a825d11
-
SHA1
5988149170a1775e643fff319065ca37f2f09b68
-
SHA256
4ebc5284438a60472271187a188e77e852762e573676505556ccf56b19946e62
-
SHA512
eccbe74da1801bdc4edc0dc749129331186701c85b5ef083b4d3fbc953d80782a0ca5b908cb53bbe7a310d9aab175285f1e276b6058a906d67d00a6b6ff9b82f
-
SSDEEP
1572864:ivhQ6lNy7vDSk8IpG7V+VPhqWK8pE7WTDlPNiY4MHHLeqPNLtDSHWirZ2Qa:ivh1qPSkB05awWK8TTD5CMHVLtOXrja
Behavioral task
behavioral1
Sample
Token generator.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
Token generator.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)