General
Target: source_prepared.exe
Size: 48.4MB
Sample: 240803-hwsyhs1bpf
MD5: 8023d96acadca3a0375546dff42f3351
SHA1: e22622171e4c500ad57b9c979266d845a0cd866e
SHA256: 10cde937c491ed6cf1eba8ae0d42032ec5f46e5ec09f70d6ab4e755bade6b527
SHA512: b3d61be18d6afa17cf5b06b6deba9e46bc98012d0b5f246a104b4210a933a1d027e21554555e30cd3e94cedf23cca633dc8abeefc812685ac47fa9afbd7e9cf7
SSDEEP: 1572864:K0nQ6lArSk8IpG7V+VPhqvRE7WzlPTWSfwEZg:K0n1QSkB05awv7z5TvIE
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win11-20240802-en

Behavioral task: behavioral2
Sample: source_prepared.pyc
Resource: win11-20240802-en
Malware Config
Targets
Target: source_prepared.exe
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2

Target: source_prepared.pyc
Size: 50KB
MD5: e58da0bbef9355f009ff86bf7809cc14
SHA1: 9e22a02329aec26661eacbd96fbb99eba82350d2
SHA256: f8539465a14dab031915858b8126a6479534d415e39b484d34cf831e6a781baa
SHA512: 6c7adb48263a5d50a6fdce5a3ea4dae30b6b7017610d23020f196d8b66c990b12ca7dab4997b7d5ffaeb327e9c624497fa79d7070b22eeea37936baa6ac92c56
SSDEEP: 768:HmIqlgJ+8L6r9RNQzJjmlTFcYb1cMpu2RFpq94WUNfAoDBU6kjJFSq:GBgQdN+ETFRpFFzAodkXz
Score: 3/10
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)