General

  • Target

    source_prepared.exe

  • Size

    103.4MB

  • Sample

    240807-arma6syera

  • MD5

    3b73fc933d169c46ccf99bf3a7d29c87

  • SHA1

    0087b278b530591d8189aa7d8535e515dee75165

  • SHA256

    28527bd773c9bfa7302c7cd5614c357606d034309050980361519761a6ca64ca

  • SHA512

    40a2b90bb41e3070213cb24c072fc4ba7fb490f2f9efc7e84ff7741845604f15c87ccf26636ee29a95320db1e40957dc38e3203687d7bd2180d23e72a52d98cf

  • SSDEEP

    3145728:EgOb8S6xjKcBaIc2qHO5iVY2nGQbRe0zJcBWIs9U:ogSWNaIsHCiH1XcBWV

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks