General
Target: automatic bypass.exe
Size: 76.8MB
Sample: 240812-lrj2lazcqg
MD5: 3ce2df28818da6017794111530f87097
SHA1: 9a8d34041dcbda4e74e3f66cf81bedbbbd30ee53
SHA256: 3b33f2098425ef8095558a5390eefd6e2e472f1d9113ea49c4cfca5be0c0d09b
SHA512: eb10ece43b14b3e62d6aebb594d8a08fde19129820eb80e8a213e73803e986148d2a5d0229d7cf8964e249d2c46df82eed8b5cfb41269f41d309e65d8c32a4ad
SSDEEP: 1572864:lvHcRlKW/h7vXSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgV3Luea/Z9UI:lvHcREChTSkB05awcfhdCpuR3iB9U
Behavioral task: behavioral1
Sample: automatic bypass.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: automatic bypass.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: automatic bypass.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2