General
-
Target
source_prepared.exe
-
Size
48.3MB
-
Sample
240803-hql8sawdlq
-
MD5
8d54964c9e79a8ccdd956bc21429285d
-
SHA1
3989c443c0601ce516996c6e921ec0ff982fd08c
-
SHA256
14238e258942fb69b9f3e793c5c0e17069035ef2c7b6a8ee7567f2cacd292d90
-
SHA512
4fd2599624caa7e8a9685fc09a5d5e620b648cb07265a9420744ac3b4c3641be6fa838d606bb857ffeb69014cde9a150ec49bde2391905cc554ddf05b76e7fc3
-
SSDEEP
1572864:J0nQ6l8Sk8IpG7V+VPhqvRE7WzlPTWwZW9Z8:J0n1qSkB05awv7z5TlM9
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-