General
-
Target
source_prepared.exe
-
Size
75.7MB
-
Sample
240805-vgetkawdqc
-
MD5
1b4d47e5ac02484f85a1ccdae271fb21
-
SHA1
dbdc89b7d7dac86b1fbd873885c0099f52e8c1d5
-
SHA256
e7016dad25d513c8361c7998e43f04c826402eee2550030351eb7d8ea75d5731
-
SHA512
7c39fc841a0218ab9a33b7a94a9176fc0e628677a4e2c6e014a07e8d4558197cdeff90b372d65a739f1659b38f643a5217d8ef66f72bbce18891f829156018e9
-
SSDEEP
1572864:nvhQ6luM7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWPLZQ8/A:nvh1sMPSkB05awIxTy5nMHVLteS6v/A
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
75.7MB
-
MD5
1b4d47e5ac02484f85a1ccdae271fb21
-
SHA1
dbdc89b7d7dac86b1fbd873885c0099f52e8c1d5
-
SHA256
e7016dad25d513c8361c7998e43f04c826402eee2550030351eb7d8ea75d5731
-
SHA512
7c39fc841a0218ab9a33b7a94a9176fc0e628677a4e2c6e014a07e8d4558197cdeff90b372d65a739f1659b38f643a5217d8ef66f72bbce18891f829156018e9
-
SSDEEP
1572864:nvhQ6luM7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWPLZQ8/A:nvh1sMPSkB05awIxTy5nMHVLteS6v/A
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1