General
-
Target
b224e32968b9865ef18de785addd7a126cf766260bbb5e5a2bc75bc4a88e5f41
-
Size
77.7MB
-
Sample
240803-xky3qawgrd
-
MD5
7655744af608e8f12218470cd2198e1d
-
SHA1
e1b903c0704e026794a10f19db3ec58b0e3678c8
-
SHA256
b224e32968b9865ef18de785addd7a126cf766260bbb5e5a2bc75bc4a88e5f41
-
SHA512
10419026873f08fb9dc36d782e5ece0862f56f0aa2cb533241d0e8205584272f645c0f51b3698c8b3de38d9a32d73f33c6e6d3e87430e0a35feeb83129dd8e1c
-
SSDEEP
1572864:WvHcRlqkh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4CSuxa/Z9UN/:WvHcRXhTSkB05awqfhdCpukdRcs9U
Malware Config
Targets
-
-
Target
b224e32968b9865ef18de785addd7a126cf766260bbb5e5a2bc75bc4a88e5f41
-
Size
77.7MB
-
MD5
7655744af608e8f12218470cd2198e1d
-
SHA1
e1b903c0704e026794a10f19db3ec58b0e3678c8
-
SHA256
b224e32968b9865ef18de785addd7a126cf766260bbb5e5a2bc75bc4a88e5f41
-
SHA512
10419026873f08fb9dc36d782e5ece0862f56f0aa2cb533241d0e8205584272f645c0f51b3698c8b3de38d9a32d73f33c6e6d3e87430e0a35feeb83129dd8e1c
-
SSDEEP
1572864:WvHcRlqkh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4CSuxa/Z9UN/:WvHcRXhTSkB05awqfhdCpukdRcs9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-