General
Target: source_prepared.exe
Size: 75.7MB
Sample: 240803-y44mzsthnm
MD5: 2e296b2c1292f261c5b434c32f3e3e5c
SHA1: 2b493d72568f2c60a505b0310b38db025f1ac39e
SHA256: 93c26cc0a1657260fdc0c12f6eaa1df62625db1c342e41a9d8e8236ae504de86
SHA512: e278e800d0d825c4bbcc42210294224684b7a38ed993ae636e9d425da4b1ce2a5a85b17a9684ac487f152c6684d742f0364c23071e59a30241a699eb3625ee9f
SSDEEP: 1572864:5vhQ6lG7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSW3J9ZgfK0:5vh1MPSkB05awIxTy5nMHVLteSc2K0
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win11-20240802-en
Malware Config
Targets: source_prepared.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell (runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)
- Virtualization/Sandbox Evasion (1)