General
-
Target
blackstar.rar
-
Size
82.4MB
-
Sample
240826-frk11ayaqk
-
MD5
224e0218bdd50fa5aa60dc91c13de7e3
-
SHA1
da5a672037ea779e4e0d2c313a8d99d3c5328c16
-
SHA256
403e511dbc49633c039bad4d192a7a250e7d05474c41527b9d2a4b7647561c97
-
SHA512
1c0c5f08e64477852231181283332de19011355b00875388c3fd1fff2ee7e3aa5000ceb96aed23b2eb8faaaec72a52a316683fc8c58a185364f61928c8924b9b
-
SSDEEP
1572864:OukZBQTVE3yKUl6QyQyFprFzxCZPvNFe3ziYErKI9tBaMCuWdodMjv:OfaiNQQrFlCZPvNFkpEWIbUt
Malware Config
Targets
-
-
Target
blackstar/blackstar_start.exe
-
Size
71.4MB
-
MD5
7e8fd8cd1cd578797749db0bcb23099a
-
SHA1
8666d51cfd0369df91d6bad97459c6331a95922c
-
SHA256
db71767ac55e293d4d8070fb5cfd51dbc97178ed7a3e5ec6a75cb8d2131ef2a6
-
SHA512
8f496bac22166794d088c192e15a2b779991b4ab1ed66c5aedd1d74ad88b46cbbb2330e9b92565f7052b9ce006056854e6ed1ab1d6a35acc9c64d835eb8e75db
-
SSDEEP
1572864:P2MQqQxHlJFSk8IpG7V+VPhqGDE7lBaaUHUzvW8J7TwGb94V9sW3/BZuo2pj:PZQq6FJFSkB05awGTaU0SqEGCfsK5h2l
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-