General
-
Target
source_prepared.exe
-
Size
77.5MB
-
Sample
240804-rzpjyaxdrm
-
MD5
82da6b81c976aaeffd2b4c8fca7c1e76
-
SHA1
47e33c1ce126ae4e3d76b2d7a9a4a9ce98f48284
-
SHA256
da0a1b7578170bd469b50cb55f613d15a72ce08b38d5405786ebf0e0e509bbbf
-
SHA512
3af2c6f99e25d732d53afaa33a91fdc6565ca4b2fdcc6101877db59e7bf080fd4304668003c4231f925cf3642acde0d7a2c26f76edcf960be21817563bc9b229
-
SSDEEP
1572864:uvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:uvHcRohTSkB05awqfhdCpukdRzMs9U
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
77.5MB
-
MD5
82da6b81c976aaeffd2b4c8fca7c1e76
-
SHA1
47e33c1ce126ae4e3d76b2d7a9a4a9ce98f48284
-
SHA256
da0a1b7578170bd469b50cb55f613d15a72ce08b38d5405786ebf0e0e509bbbf
-
SHA512
3af2c6f99e25d732d53afaa33a91fdc6565ca4b2fdcc6101877db59e7bf080fd4304668003c4231f925cf3642acde0d7a2c26f76edcf960be21817563bc9b229
-
SSDEEP
1572864:uvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:uvHcRohTSkB05awqfhdCpukdRzMs9U
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1