General
-
Target
source_prepared.exe
-
Size
39.6MB
-
Sample
240824-eqxsqstgqr
-
MD5
4c002679fbea9d9cb32537ad8a78e2ce
-
SHA1
3aedb261df4e5090472b2acdf1da6db7120db8e1
-
SHA256
3bf11ca9ef42c2c26f3874bd71aa97e7ccced267f2b2807f5980327a6a448f7c
-
SHA512
f0e3d15ebd011e6b41af04a563c99d9d4cb76d6eef8873bec1b2ce3cf8b2bbab34a3022ec7ca168787b20c58d9c5837c1414b3ec81141e081e867297509c889b
-
SSDEEP
786432:ju24W80hgpgPQP1QtIXF2j6+s7LWB75zuPN+Yd50fIe2pgKraBgimQt:KWtgp8siI12qHWB75iV/amraBm
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
39.6MB
-
MD5
4c002679fbea9d9cb32537ad8a78e2ce
-
SHA1
3aedb261df4e5090472b2acdf1da6db7120db8e1
-
SHA256
3bf11ca9ef42c2c26f3874bd71aa97e7ccced267f2b2807f5980327a6a448f7c
-
SHA512
f0e3d15ebd011e6b41af04a563c99d9d4cb76d6eef8873bec1b2ce3cf8b2bbab34a3022ec7ca168787b20c58d9c5837c1414b3ec81141e081e867297509c889b
-
SSDEEP
786432:ju24W80hgpgPQP1QtIXF2j6+s7LWB75zuPN+Yd50fIe2pgKraBgimQt:KWtgp8siI12qHWB75iV/amraBm
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1