General

  • Target

    MalwareEww.exe

  • Size

    102.9MB

  • Sample

    240917-ee43nstamh

  • MD5

    8b4e5034f23109a950359ad9e66f9f52

  • SHA1

    f53d77cd6127b183d2229c8ac5be7127bb9345a8

  • SHA256

    73f6148f53b75a74e2cca653bb3bef544118ddc12efc3cafa3d935414efbdc66

  • SHA512

    4d52a909c423167b3537dda6b491cdde0d686be7023f3c98f8863a67e81bbc21d807188aca4b292d6399a7a6e282bd4595dbf70d4b7a17a2630efb0da4655c46

  • SSDEEP

    3145728:piQL88S6xjKcBanL2qHO5iVjdqlnGQbRe0zJcBP39NcO3:ptHSWNaBHCi651XcBP3f3
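A practitioner re-verifying a record like this one wants two checks: that a local copy of the file produces the same four digests, and that the SSDEEP signature is plausible for the stated size. The following Python is an added example written for this page, not code from the sandbox that produced the report. The block size in an ssdeep signature is chosen as the smallest 3·2^k with blocksize × 64 ≥ file length and may only be halved afterwards, so a signature whose block size exceeds that estimate cannot belong to a file of the stated size; the 102.9MB and SSDEEP values below are taken from the report, the byte conversion from MB is an assumption, and ssdeep scoring is only defined between signatures whose block sizes are equal or one doubling apart.

```python
"""Digest and ssdeep sanity checks for a sandbox sample record (added example)."""
import hashlib
from typing import Dict

SPAMSUM_LENGTH = 64   # ssdeep target signature length
MIN_BLOCKSIZE = 3     # ssdeep smallest block size

# Values copied from the report above; the byte count assumes MB = 10^6 bytes
# (the check below passes for 1024*1024 as well).
REPORT = {
    "size_bytes": 102_900_000,
    "ssdeep": "3145728:piQL88S6xjKcBanL2qHO5iVjdqlnGQbRe0zJcBP39NcO3:ptHSWNaBHCi651XcBP3f3",
}
DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """All four digests a report lists, computed over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests over a file, streamed so a 100MB sample is not read at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def parse_ssdeep(sig: str) -> Dict[str, object]:
    """Split 'blocksize:chunk:double_chunk'; base64 chunks never contain ':'."""
    blocksize, chunk, double = sig.split(":", 2)
    return {"blocksize": int(blocksize), "chunk": chunk, "double_chunk": double}


def ssdeep_initial_blocksize(size: int) -> int:
    """Starting block size ssdeep picks for a file of `size` bytes."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < size:
        bs *= 2
    return bs


def blocksize_consistent(sig: str, size: int) -> bool:
    """ssdeep can only shrink the initial block size, never grow it."""
    return parse_ssdeep(sig)["blocksize"] <= ssdeep_initial_blocksize(size)


def comparable(bs_a: int, bs_b: int) -> bool:
    """ssdeep scores two signatures only if block sizes match or differ by one doubling."""
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


if __name__ == "__main__":
    parsed = parse_ssdeep(REPORT["ssdeep"])
    print("blocksize", parsed["blocksize"],
          "initial estimate", ssdeep_initial_blocksize(REPORT["size_bytes"]),
          "consistent", blocksize_consistent(REPORT["ssdeep"], REPORT["size_bytes"]))
```

For this record the signature's block size equals the initial estimate for a file just over 96MiB, so the sizes agree; a signature with block size 6291456 against a 102.9MB file would fail `blocksize_consistent`. `hash_file` can be pointed at a local copy and its output compared with the MD5 through SHA512 values above.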

Targets

    • Target

      MalwareEww.exe

    • Enumerates VirtualBox DLL files

      Looks for VirtualBox guest-additions DLLs on disk, a common check for whether the sample is running inside a virtual machine or sandbox.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that dropped components are not scanned.

    • Sets file to hidden

      Modifies file attributes so the file does not appear in Explorer and other default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
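The Defender-exclusion, hidden-attribute, Run-key and VirtualBox checks above each leave a distinct trace in host telemetry. The following Python is an added example of the corresponding detection logic, written for this page rather than taken from the sandbox or from the sample; it runs over a handful of constructed event records shaped like PowerShell Script Block Logging (event 4104), Sysmon registry value-set (event 13) and process-creation (event 1) entries plus a sandbox-style file-access record. The file paths, value names and the `Sandbox`/`file_access` record type are illustrative assumptions, and the ATT&CK technique IDs in the mapping are the editor's, not a mapping the report itself lists.

```python
"""Detections for the sandbox signatures above, over constructed telemetry (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed records. None are real logs from MalwareEww.exe; paths are illustrative.
EVENTS: List[Dict[str, str]] = [
    {"source": "PowerShell", "id": "4104",
     "ScriptBlockText": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
                        "-ExclusionExtension 'exe' -ExclusionProcess 'MalwareEww.exe'"},
    {"source": "PowerShell", "id": "4104",
     "ScriptBlockText": "Get-ChildItem -Path C:\\Temp | Sort-Object Length"},
    {"source": "Sysmon", "id": "13",
     "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\Public\\MalwareEww.exe"},
    {"source": "Sysmon", "id": "13",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\Public",
     "Details": "DWORD (0x00000000)"},
    {"source": "Sysmon", "id": "1",
     "CommandLine": "attrib +h +s C:\\Users\\Public\\MalwareEww.exe"},
    {"source": "Sysmon", "id": "1",
     "CommandLine": "notepad.exe C:\\Users\\Public\\readme.txt"},
    {"source": "Sandbox", "id": "file_access",          # assumed sandbox record type
     "Path": "C:\\Windows\\System32\\VBoxHook.dll"},
]

# Add-/Set-MpPreference with any -Exclusion* parameter; the registry mirror of
# those settings lives under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions.
DEFENDER_PS = re.compile(r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)", re.I)
DEFENDER_REG = re.compile(r"\\Windows Defender\\Exclusions\\", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
ATTRIB_HIDE = re.compile(r"\battrib(\.exe)?\b.*\+h\b", re.I)
# VirtualBox guest-additions DLL names commonly probed by VM-aware samples.
VBOX_DLLS = {"vboxhook.dll", "vboxmrxnp.dll", "vboxogl.dll", "vboxdisp.dll"}

# Editor's ATT&CK Enterprise mapping for each rule (not from the report).
ATTACK = {
    "defender_exclusion_powershell": "T1562.001",
    "defender_exclusion_registry": "T1562.001",
    "run_key_persistence": "T1547.001",
    "hidden_file_attribute": "T1564.001",
    "virtualbox_dll_enumeration": "T1497.001",
}


def detect(events: List[Dict[str, str]]) -> List[Tuple[str, int]]:
    """Return (rule_name, event_index) for every record that trips a rule."""
    findings: List[Tuple[str, int]] = []
    for i, ev in enumerate(events):
        eid = ev["id"]
        if eid == "4104" and DEFENDER_PS.search(ev.get("ScriptBlockText", "")):
            findings.append(("defender_exclusion_powershell", i))
        if eid == "13":
            target = ev.get("TargetObject", "")
            if DEFENDER_REG.search(target):
                findings.append(("defender_exclusion_registry", i))
            if RUN_KEY.search(target):
                findings.append(("run_key_persistence", i))
        if eid == "1" and ATTRIB_HIDE.search(ev.get("CommandLine", "")):
            findings.append(("hidden_file_attribute", i))
        if eid == "file_access":
            name = ev.get("Path", "").rsplit("\\", 1)[-1].lower()
            if name in VBOX_DLLS:
                findings.append(("virtualbox_dll_enumeration", i))
    return findings


def techniques(findings: List[Tuple[str, int]]) -> List[str]:
    """Distinct ATT&CK technique IDs covered by the findings, in first-seen order."""
    seen: List[str] = []
    for rule, _ in findings:
        tid = ATTACK[rule]
        if tid not in seen:
            seen.append(tid)
    return seen


if __name__ == "__main__":
    for rule, idx in detect(EVENTS):
        print(f"{ATTACK[rule]:10} {rule:32} event#{idx}")
```

Script block logging must be enabled for the 4104 records to exist; the registry rule catches the same exclusion change when it is made through the Defender registry path instead of the cmdlet. The VirtualBox rule requires a file-access source (a sandbox, a minifilter or an EDR), since Sysmon does not log reads by default.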

MITRE ATT&CK Enterprise v15