General

  • Target

    PlanetFn.Loader.exe

  • Size

    53.0MB

  • Sample

    240804-ygz2aatgrm

  • MD5

    1fda9f03d094b9af6e12cb5a7b1c0466

  • SHA1

    36f1b122ae13c28f43a8ed64d121079e5500567c

  • SHA256

    40634fc4d596619c08338c5714bb8165ba33a47f4585ffaecf3c34bddcfdd722

  • SHA512

    8ad897312f9f4d96b85b9500427f82c2213418efab271caaa1f14b781e35efbbe83e8302a3a5a101f342d9393b732dc20e88e22057fc9ef7fee30e26d6f63495

  • SSDEEP

    1572864:EvHcRlkSk8IpG7V+VPhqQdSsE7FFltFAdW4Nj7uxf:EvHcRmSkB05awkSB3CdRpy

Targets

    • Target

      PlanetFn.Loader.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so the dropped components are not scanned.

    • Sets file to hidden

      Sets the hidden file attribute so the file is not shown in Explorer and other default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
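The signatures listed above can be reproduced against ordinary endpoint telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: a small stateful detector that runs over constructed Sysmon-style events (process creation, file write/query, registry set, image load) and emits the same signature names as the report. The event records, the drop directory, the file names `svc.exe` and `helper.dll`, and the Run value name are all assumptions made for the example. Two signatures are deliberately not modelled: "UPX packed file" is a static check on the PE section table rather than a behavioural event, and "Legitimate hosting services abused" cannot be written as a rule here because the report does not name the abused host.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # process | file_write | file_query | registry_set | image_load
    image: str   # process that performed the action (for "process": the new process image)
    target: str  # command line, file path, registry value path, or loaded module


# Rules keyed to the signature names used in the report above.
DEFENDER_EXCLUSION = re.compile(
    r"(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)\b", re.I)
ATTRIB_HIDDEN = re.compile(r"\battrib(\.exe)?\b.*\s\+h\b", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
VBOX_DLL = re.compile(r"\\vbox\w*\.dll$", re.I)


def analyse(events):
    """Return {signature_name: [evidence, ...]} for the behaviours seen in events.

    Dropped-file tracking is stateful: a path written earlier in the run and
    later executed or loaded yields the "dropped" signatures, so event order matters.
    """
    hits = {}
    dropped = set()  # lower-cased paths written by any process during the run

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        tgt = ev.target
        if ev.kind == "file_write":
            dropped.add(tgt.lower())
        elif ev.kind == "file_query":
            if VBOX_DLL.search(tgt):                      # anti-VM check for VirtualBox guest DLLs
                hit("enumerates_virtualbox_dlls", tgt)
        elif ev.kind == "registry_set":
            if RUN_KEY.search(tgt):                       # persistence via Run / RunOnce
                hit("adds_run_key", tgt)
        elif ev.kind == "image_load":
            if tgt.lower() in dropped and tgt.lower().endswith(".dll"):
                hit("loads_dropped_dll", tgt)
        elif ev.kind == "process":
            if DEFENDER_EXCLUSION.search(tgt):            # Defender exclusions via PowerShell
                hit("powershell_defender_exclusions", tgt)
            if ATTRIB_HIDDEN.search(tgt):                 # attrib +h on a file
                hit("sets_file_hidden", tgt)
            if ev.image.lower() in dropped:               # a file written earlier is now a process
                hit("executes_dropped_exe", ev.image)
    return hits


# Constructed sample run (assumed paths and names; not taken from the sandbox).
DROP_DIR = r"C:\Users\user\AppData\Roaming\svc"
SAMPLE_EVENTS = [
    Event("process", r"C:\Users\user\Desktop\PlanetFn.Loader.exe", "PlanetFn.Loader.exe"),
    Event("file_write", r"C:\Users\user\Desktop\PlanetFn.Loader.exe", DROP_DIR + r"\svc.exe"),
    Event("file_write", r"C:\Users\user\Desktop\PlanetFn.Loader.exe", DROP_DIR + r"\helper.dll"),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          'powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath "' + DROP_DIR
          + '" -ExclusionExtension ".exe" -ExclusionProcess "svc.exe"'),
    Event("process", r"C:\Windows\System32\cmd.exe",
          'cmd.exe /c attrib +h +s "' + DROP_DIR + r'\svc.exe"'),
    Event("registry_set", r"C:\Users\user\Desktop\PlanetFn.Loader.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event("file_query", r"C:\Users\user\Desktop\PlanetFn.Loader.exe",
          r"C:\Windows\System32\vboxmrxnp.dll"),
    Event("process", DROP_DIR + r"\svc.exe", "svc.exe"),
    Event("image_load", DROP_DIR + r"\svc.exe", DROP_DIR + r"\helper.dll"),
    Event("process", r"C:\Windows\System32\notepad.exe", "notepad.exe"),  # benign, no hit
]

BENIGN_EVENTS = [
    Event("process", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
    Event("file_write", r"C:\Windows\System32\notepad.exe", r"C:\Users\user\notes.txt"),
    Event("registry_set", r"C:\Windows\explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]


if __name__ == "__main__":
    for name, evidence in sorted(analyse(SAMPLE_EVENTS).items()):
        print(name)
        for item in evidence:
            print("    " + item)
```

The rules are intentionally narrow (command-line and path patterns), which is what makes them cheap; the dropped-file correlation is the part that needs state, since "executes dropped EXE" and "loads dropped DLL" are only meaningful relative to files the run itself created.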
