Resubmissions
13/09/2024, 16:21
240913-tt51vawhkm 10General
-
Target
source_prepared.exe
-
Size
81.8MB
-
Sample
240913-tt51vawhkm
-
MD5
489808c6c23d89f13d1d81fdb38c1f66
-
SHA1
8ecab45930273c7aae501975246c786e6ad5360b
-
SHA256
ba059cdeee3b09a5f2fdf762ef7d59e4835d4c421f0358052100203433dae7e2
-
SHA512
fa51992bace75c4b0b7ca5c153e05daedf12dbc6e0301ef46928b478cb109f45d79fd5a83624b413ea0332585242a76708fd0a8a8a6f684ab4cdbc980710b7ec
-
SSDEEP
1572864:avxZQglXedWrZSk8IpG7V+VPhqb+T9E7Ulg8iYgj+h58sMw5ID93AVqDNX:avxZxRQwZSkB05awb+TJe25Fu93L
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
81.8MB
-
MD5
489808c6c23d89f13d1d81fdb38c1f66
-
SHA1
8ecab45930273c7aae501975246c786e6ad5360b
-
SHA256
ba059cdeee3b09a5f2fdf762ef7d59e4835d4c421f0358052100203433dae7e2
-
SHA512
fa51992bace75c4b0b7ca5c153e05daedf12dbc6e0301ef46928b478cb109f45d79fd5a83624b413ea0332585242a76708fd0a8a8a6f684ab4cdbc980710b7ec
-
SSDEEP
1572864:avxZQglXedWrZSk8IpG7V+VPhqb+T9E7Ulg8iYgj+h58sMw5ID93AVqDNX:avxZxRQwZSkB05awb+TJe25Fu93L
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1