General
-
Target
source_prepared.exe
-
Size
106.9MB
-
Sample
240803-vmmrcsthnd
-
MD5
2b8c09140780ddcef4b569b4ff6247f9
-
SHA1
b0dd2dc75d3ba4372a231767b1be0683df15fc3b
-
SHA256
7e619a729dda8cf3ea0eb3187f1c7759929bc00e5bf7f10da944104b8fd99385
-
SHA512
8b15fc38c2f48919e2d0ed31f3b6bec56756f53e70c6161d615e078b6028b0b02a73227fd60b53f5a3fb5e6fa1c781f196e32a75349ba246c886e24bf5ef4d04
-
SSDEEP
3145728:NibiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0mp3:g2SWNa6HHCittieBm
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-