General
-
Target
source_prepared.exe
-
Size
38.9MB
-
Sample
240906-z2p79aycmd
-
MD5
338c6cb2f18f820f047d9b77777e479b
-
SHA1
ef8c201034a96c45089ff7abd3240438cd83f269
-
SHA256
333b1efa9af0ee1ae1ddbab2ba363ae1d4b4c34f080a18f6a9f89156fcef36e5
-
SHA512
ade2e68a9a5fbe3e2a9e086e49540100dfdd41e024822b54c22cbdabc0a2c78a0419ff9a8a180626980e3f1274918b955dbb3c87613d27eefa88c26620191de6
-
SSDEEP
786432:a9Z9xbdQglE8+W8YMO7klaO45zcY87HC5QlltXcWSV9vtUlQErP:MvxZQglWWLvZPE7hl/m9FUjr
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
38.9MB
-
MD5
338c6cb2f18f820f047d9b77777e479b
-
SHA1
ef8c201034a96c45089ff7abd3240438cd83f269
-
SHA256
333b1efa9af0ee1ae1ddbab2ba363ae1d4b4c34f080a18f6a9f89156fcef36e5
-
SHA512
ade2e68a9a5fbe3e2a9e086e49540100dfdd41e024822b54c22cbdabc0a2c78a0419ff9a8a180626980e3f1274918b955dbb3c87613d27eefa88c26620191de6
-
SSDEEP
786432:a9Z9xbdQglE8+W8YMO7klaO45zcY87HC5QlltXcWSV9vtUlQErP:MvxZQglWWLvZPE7hl/m9FUjr
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1