General

  • Target

    source_prepared.exe

  • Size

    39.6MB

  • Sample

    240824-eqxsqstgqr

  • MD5

    4c002679fbea9d9cb32537ad8a78e2ce

  • SHA1

    3aedb261df4e5090472b2acdf1da6db7120db8e1

  • SHA256

    3bf11ca9ef42c2c26f3874bd71aa97e7ccced267f2b2807f5980327a6a448f7c

  • SHA512

    f0e3d15ebd011e6b41af04a563c99d9d4cb76d6eef8873bec1b2ce3cf8b2bbab34a3022ec7ca168787b20c58d9c5837c1414b3ec81141e081e867297509c889b

  • SSDEEP

    786432:ju24W80hgpgPQP1QtIXF2j6+s7LWB75zuPN+Yd50fIe2pgKraBgimQt:KWtgp8siI12qHWB75iV/amraBm

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
