General

  • Target

    source_prepared.exe

  • Size

    106.9MB

  • Sample

    240803-vmmrcsthnd

  • MD5

    2b8c09140780ddcef4b569b4ff6247f9

  • SHA1

    b0dd2dc75d3ba4372a231767b1be0683df15fc3b

  • SHA256

    7e619a729dda8cf3ea0eb3187f1c7759929bc00e5bf7f10da944104b8fd99385

  • SHA512

    8b15fc38c2f48919e2d0ed31f3b6bec56756f53e70c6161d615e078b6028b0b02a73227fd60b53f5a3fb5e6fa1c781f196e32a75349ba246c886e24bf5ef4d04

  • SSDEEP

    3145728:NibiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0mp3:g2SWNa6HHCittieBm

Malware Config

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks