General
-
Target
source_prepared.exe
-
Size
77.6MB
-
Sample
240804-tznzhstglh
-
MD5
f7673a8fd3febccf0b8d22f291555694
-
SHA1
ac9d365bdd4145e7de33f52a0d51781dca6f3032
-
SHA256
24c535d81323851074d1abb029f6bcb4c987f902e4d326989716ded7e3e9bd59
-
SHA512
ad6538ba271e30efd4756b617739206cca53dfcf09c65a0024d194ae088f52777d3515b0f7a05a3ff73d19262c98a5ae244c8e70e352db1f47c2e601f7f16860
-
SSDEEP
1572864:tvHcRlqkh7vXSk8IpG7V+VPhqWdfME7FFlHFziYweyJulZUdgAdW4+1uxa/Z9UN/:tvHcRXhTSkB05awqfhdCpukdRHs9U
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-