General

  • Target

    source_prepared.exe

  • Size

    75.7MB

  • Sample

    240805-vgetkawdqc

  • MD5

    1b4d47e5ac02484f85a1ccdae271fb21

  • SHA1

    dbdc89b7d7dac86b1fbd873885c0099f52e8c1d5

  • SHA256

    e7016dad25d513c8361c7998e43f04c826402eee2550030351eb7d8ea75d5731

  • SHA512

    7c39fc841a0218ab9a33b7a94a9176fc0e628677a4e2c6e014a07e8d4558197cdeff90b372d65a739f1659b38f643a5217d8ef66f72bbce18891f829156018e9

  • SSDEEP

    1572864:nvhQ6luM7vDSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWPLZQ8/A:nvh1sMPSkB05awIxTy5nMHVLteS6v/A

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks