General
Target: Macro_Setup.exe
Size: 77.7MB
Sample: 240803-xabjns1gpp
MD5: b363a5b39ecac353597750e76363867b
SHA1: 8a99ebcfa66daa9cf46bcf9a45921e1d4534836b
SHA256: 40d5da64907b3f46451f0517d5631334d2881a09e2b4bdcf8ff03b0aeabbf01c
SHA512: 1758f40a4fe32abb83fe07063b6b57c34931fcc09f568218e3ce99825052b6c144ea1c69bb113bba37332a9ee7b0ec89488c75b289871cea720930338f07a8ed
SSDEEP: 1572864:IvHcRlqkh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4+1uxa/Z9UN/:IvHcRXhTSkB05awqfhdCpukdRHs9U
Behavioral task: behavioral1
Sample: Macro_Setup.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: Macro_Setup.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Macro_Setup.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2