General
-
Target
PlanetFn.Loader.exe
-
Size
53.0MB
-
Sample
240804-ygz2aatgrm
-
MD5
1fda9f03d094b9af6e12cb5a7b1c0466
-
SHA1
36f1b122ae13c28f43a8ed64d121079e5500567c
-
SHA256
40634fc4d596619c08338c5714bb8165ba33a47f4585ffaecf3c34bddcfdd722
-
SHA512
8ad897312f9f4d96b85b9500427f82c2213418efab271caaa1f14b781e35efbbe83e8302a3a5a101f342d9393b732dc20e88e22057fc9ef7fee30e26d6f63495
-
SSDEEP
1572864:EvHcRlkSk8IpG7V+VPhqQdSsE7FFltFAdW4Nj7uxf:EvHcRmSkB05awkSB3CdRpy
Behavioral task
behavioral1
Sample
PlanetFn.Loader.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
PlanetFn.Loader.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
PlanetFn.Loader.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
PlanetFn.Loader.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-