General

  • Target: source_prepared.exe
  • Size: 47.5MB
  • Sample: 240901-wkwf6aybjd
  • MD5: f9ab843894f7753e1454e80539d310cb
  • SHA1: 174f464a9ff25fe7f896f3094bab7593d1b31cb8
  • SHA256: 79016a6140751cd1a5bfa2a084a17440bc7348a7ea43e86cafea2cecd2b56f37
  • SHA512: f8fee0a8f4e98e52d62c8c060692e754fdc6670ab407d5b1fad77063f271fa69dc8750811734f7253b0bb50de056819b15cfe973463b11acc0c6d33dcb578794
  • SSDEEP: 786432:qcRl9W8Z2dkg/IpG7VB8VPhqYdbT85zcY876EilhfXuZ6v8v0Rv+KWvSdZoA:qcRl9WOSk8IpG7V+VPhqYdfWE7Ulte2Y

Targets

  • Target: source_prepared.exe (47.5MB; same sample and hashes as listed under General)
    Score: 9/10
    • Enumerates VirtualBox DLL files
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Legitimate hosting services abused for malware hosting/C2

  • Target: misc.pyc
    Size: 4KB
    MD5: 3af0657bf4d2cdcd8e84aeee71be06f7
    SHA1: bd28a025931e96da24c9818e1a1648d2ce7f5212
    SHA256: 83bbb656424fab009b612232bab4970a8bd49c944285975babb3de8f99db9da6
    SHA512: a402b759e427ed78e55650b9188772916787a1734f5dd5a5782d98228c7c9da11057627bcad29aa94139a9c20b1c4ca2e8c92983b38384245855f6da3369dace
    SSDEEP: 96:ySMlhlvyz7DweHPF8+VB7sHIZGQSWfvmyyZ1k9qHub:Lolvyzgevq+VBXZGQlvmV1kkHub
    Score: 3/10

  • Target: source_prepared.pyc
    Size: 95KB
    MD5: f30e654162f3ce20d00ece95f5a9d0df
    SHA1: 332e34635b07ae9ba3d8fabb895529265563fc3d
    SHA256: 3cd0efffa78bbcf412002c898dd78af5d2bdd9d04066668554fb93fd3f585ee3
    SHA512: 472b6c5f4e994ec880357c1fe97a6ebcb905d40c5da952be0d507e42fd6fb32c7ebac6145837b4747b974d22b6eb61b18ba82190f0c68b3dc35b8b59edd6eac9
    SSDEEP: 1536:UpO4LPJbUssEbS3qc0yW4P5w+uKFEHmxo+/TCIvdXzbaMQsGfR:cPJUrEGx0yBrZOIvdXzevsGJ
    Score: 3/10

MITRE ATT&CK Enterprise v15
