General

  • Target

    source_prepared.exe

  • Size

    77.5MB

  • Sample

    240804-rzpjyaxdrm

  • MD5

    82da6b81c976aaeffd2b4c8fca7c1e76

  • SHA1

    47e33c1ce126ae4e3d76b2d7a9a4a9ce98f48284

  • SHA256

    da0a1b7578170bd469b50cb55f613d15a72ce08b38d5405786ebf0e0e509bbbf

  • SHA512

    3af2c6f99e25d732d53afaa33a91fdc6565ca4b2fdcc6101877db59e7bf080fd4304668003c4231f925cf3642acde0d7a2c26f76edcf960be21817563bc9b229

  • SSDEEP

    1572864:uvHcRlqNh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW43j5uxa/Z9UK:uvHcRohTSkB05awqfhdCpukdRzMs9U

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it from showing in Explorer, etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks