General

  • Target

    DONT OPEN RAT.zip

  • Size

    74.4MB

  • Sample

    240803-e2e23axhma

  • MD5

    442eb2ff2a8b5705388308f64804e661

  • SHA1

    7d5800c85be6a23af754b377e10f2245caa48ca8

  • SHA256

    041c4ba58964ccf1dcae720b2081b747689c2275ed84623b60634077060bf627

  • SHA512

    2f3fabb07951827bc88eaa5a9f587cc81591032708c0c8983b658feba54559a9dfc07d23e2205cdd47954a826d91b66338281deeb8ced4d7f8327389316a6d3e

  • SSDEEP

    1572864:bv/+3tP0pzCKcyG3w7zSJNvW+fuVpBAdbt4toZTd+EJTTPRj42fJFy3EX:bv/itsEKc7A3ae+GBANGoZvTPd4k+W

Malware Config

Targets

    • Target

      DONT OPEN RAT/DONT OPEN VIRUS.exe

    • Size

      74.8MB

    • MD5

      4da052f9770422d1f3b3d2028671586a

    • SHA1

      3c8114f723a2664157eae5ece6500ceb101f6aae

    • SHA256

      a876d153b9aef77a78ae053343753959041317ae92d4a92a8df93e941a1101d7

    • SHA512

      01e7c0d1a6a5435fb7c81abf0fc12c56fd4edde5a4c5936d2e265fd9249d10d5b4f6b7e77fa246ba5d652c159e37f8de9babc3bcfc205d49f67065232d0a247b

    • SSDEEP

      1572864:/0nQ6l77v4Sk8IpG7V+VPhqvzE7WfglPIiY4MHHLeqPNLtD7WpyfZxzr:/0n1FcSkB05awvJfg5LMHVLtvsyfv

    • Enumerates VirtualBox DLL files (a virtual-machine detection check used to spot sandboxes)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (a Defender-evasion step).

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and other default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer; unpack it before static analysis.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
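The three host-side behaviours in the list above (PowerShell Defender exclusions, the hidden file attribute, and the Run key) are easy to catch from endpoint telemetry. The script below is an added example, not part of the sandbox report and not the sample's own code: it runs simple detection rules over constructed Sysmon-style events (field names EventID, Image, CommandLine, TargetObject and Details follow Sysmon's process-creation and registry-value-set events). The sample events, paths and the "svc.exe" file name are made up for illustration and are not taken from the sample's execution trace; the ATT&CK technique IDs in the comments are the standard Enterprise mappings for these behaviours.

```python
"""Detection rules for the behaviours in the sandbox report (added example).

Runs three checks over constructed Sysmon-like event dicts:
  Event ID 1  -> process creation (Image, CommandLine)
  Event ID 13 -> registry value set (TargetObject, Details)
The events below are constructed for illustration, not real telemetry.
"""
import re

# T1562.001: Defender exclusions added via the MpPreference cmdlets.
DEFENDER_EXCLUSION = re.compile(
    r"(Add-MpPreference|Set-MpPreference)\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE,
)
# T1564.001: attrib +h / +s hides the file from Explorer.
ATTRIB_HIDE = re.compile(r"\battrib(\.exe)?\b.*\+[hs]", re.IGNORECASE)
# T1547.001: autostart persistence via the Run / RunOnce keys.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.IGNORECASE)


def check_event(ev):
    """Return a list of (technique, detail) hits for one event; [] if nothing fired."""
    hits = []
    if ev.get("EventID") == 1:  # Sysmon process creation
        cmd = ev.get("CommandLine", "")
        if POWERSHELL.search(ev.get("Image", "")) and DEFENDER_EXCLUSION.search(cmd):
            hits.append(("defender_exclusion", cmd))
        if ATTRIB_HIDE.search(cmd):
            hits.append(("hidden_attribute", cmd))
    elif ev.get("EventID") == 13:  # Sysmon registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY.search(target):
            hits.append(("run_key_persistence", f"{target} = {ev.get('Details', '')}"))
    return hits


def triage(events):
    """Run check_event over all events and group the hits by technique name."""
    findings = {}
    for ev in events:
        for technique, detail in check_event(ev):
            findings.setdefault(technique, []).append(detail)
    return findings


# Constructed sample events (hypothetical paths and file names, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -nop -w hidden -c "Add-MpPreference -ExclusionPath '
                    'C:\\Users\\Public -ExclusionExtension exe -ExclusionProcess svc.exe"'},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd /c attrib +h +s "C:\\Users\\Public\\svc.exe"'},
    {"EventID": 13,
     "Image": r"C:\Users\Public\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\Public\svc.exe"},
    # Benign noise: a read-only Defender query and an unrelated registry write.
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell Get-MpPreference"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for technique, details in triage(SAMPLE_EVENTS).items():
        print(technique)
        for d in details:
            print("   ", d)
```

The Defender rule is keyed on the image being PowerShell plus an MpPreference exclusion parameter, so a plain Get-MpPreference does not fire; in production the same regexes apply equally well to PowerShell script-block logging (Event ID 4104), where obfuscated launchers are decoded before they reach the log.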
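Two of the report's static findings, the hash IOCs listed under General and Targets and the "UPX packed file" signature, can be checked on a local copy of the dropped executable without running it. The following is an added example (not the report's or the sample's code): it hashes a byte string against the two SHA-256 values from this page and walks the PE headers to the section table looking for UPX section names. Because the real sample is not reproduced here, build_fake_pe() constructs a minimal, hypothetical PE image with only the headers the walker needs; the set of UPX section names is the usual UPX0/UPX1/UPX2 convention and is a heuristic, since a modified packer can rename sections.

```python
"""Static checks for a dropped executable (added example, not from the report).

- compare the SHA-256 against the report's IOCs
- read PE section names and flag the default UPX section layout
build_fake_pe() fabricates a minimal PE for demonstration only.
"""
import hashlib
import struct

# SHA-256 values from the report above (archive and the dropped .exe).
REPORT_SHA256 = {
    "041c4ba58964ccf1dcae720b2081b747689c2275ed84623b60634077060bf627": "DONT OPEN RAT.zip",
    "a876d153b9aef77a78ae053343753959041317ae92d4a92a8df93e941a1101d7": "DONT OPEN RAT/DONT OPEN VIRUS.exe",
}
# Section names written by stock UPX; a modified UPX may use others (heuristic only).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}


def pe_section_names(data):
    """Return the section names of a PE image, or [] if the headers are not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                    # COFF file header (20 bytes)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                           # section table follows optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                               # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                                          # truncated table: stop, don't crash
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data):
    """Heuristic matching the report's 'UPX packed file' signature."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def triage_bytes(data):
    """Hash the bytes, match against the report's IOCs and run the UPX check."""
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha256": sha256,
        "known_ioc": REPORT_SHA256.get(sha256),   # None unless it is one of the two files
        "sections": pe_section_names(data),
        "upx_packed": is_upx_packed(data),
    }


def build_fake_pe(section_names):
    """Constructed minimal PE: DOS header, PE signature, COFF header with an empty
    optional header, then one 40-byte section header per name. Real binaries carry
    a full optional header; this is just enough for pe_section_names()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage_bytes(fh.read()))
    else:
        print(triage_bytes(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
```

Run it with a file path to triage a real dropped executable, or with no arguments to see the result on the fabricated image; a hash that matches REPORT_SHA256 confirms you are holding the exact artifact this report describes, while a UPX hit tells you to unpack before looking at strings or imports.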

MITRE ATT&CK Enterprise v15

Tasks