General
-
Target
celexCracked.exe
-
Size
77.6MB
-
Sample
240929-x79sqs1dqg
-
MD5
77c566c7cc2c9be1132858f5db998a03
-
SHA1
d108fccdbb0965941c5578a6ef20b2ddce05c040
-
SHA256
0688ffd71373d18cd021e9f63553b62e40cfd0c11e55c74f03d9b6c844167ea5
-
SHA512
ae9c7df311d3811b70bfa45f938acf7ea93ab907b6bf1cd7962688e470249a35c6240cb7da3a74afc0b12a84af86eb00788a0e788ce4f5f88ac5cfcf6f62968e
-
SSDEEP
1572864:vvHcRldWqmSk8IpG7V+VPhqYdfzE7FFlHFziYweyJulZUdgK3Wu1J/Z9UT:vvHcRj5mSkB05awcf8dCpu+3/19U
Behavioral task
behavioral1
Sample
celexCracked.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
celexCracked.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Modify Registry (1)
Virtualization/Sandbox Evasion (1)