Overview

overview

8

Static

static

1

VirtualBox...in.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    VirtualBox-7.0.20-163906-Win.exe

  • Size

    105.1MB

  • Sample

    240806-vck5sayalf

  • MD5

    b822835698e76fff193342effc92d286

  • SHA1

    e049adb24caf0153b94e801da9835d485c67e38c

  • SHA256

    fa3544162eee87b660999bd913f76ccb2e5a706928ef2c2e29811e4ac76fb166

  • SHA512

    0381b27478dc25d4b3707fb21a34be66ca42eb18d93ce8ec90be7325015f540a39ebfea58b7992a38cc2c861e6e86d89c67f5b3a84ddb65e339fcca0dc314bed

  • SSDEEP

    3145728:VuwDpzeIGwA7iKVCv8hxxgFYHey3WCfEOiP1e48TetH+H9:VuwDpz9A70Cno1XZBtHC9

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      VirtualBox-7.0.20-163906-Win.exe

    • Size

      105.1MB

    • MD5

      b822835698e76fff193342effc92d286

    • SHA1

      e049adb24caf0153b94e801da9835d485c67e38c

    • SHA256

      fa3544162eee87b660999bd913f76ccb2e5a706928ef2c2e29811e4ac76fb166

    • SHA512

      0381b27478dc25d4b3707fb21a34be66ca42eb18d93ce8ec90be7325015f540a39ebfea58b7992a38cc2c861e6e86d89c67f5b3a84ddb65e339fcca0dc314bed

    • SSDEEP

      3145728:VuwDpzeIGwA7iKVCv8hxxgFYHey3WCfEOiP1e48TetH+H9:VuwDpz9A70Cno1XZBtHC9

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Drops file in Drivers directory

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks