Overview

overview

10

Static

static

10

AnxelsMenu.exe

windows7-x64

7

AnxelsMenu.exe

windows10-2004-x64

9

Resubmissions

15-10-2024 22:18

241015-17xd7azeqb 10

12-10-2024 20:33

241012-zcbzbszdrg 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AnxelsMenu.exe

  • Size

    107.3MB

  • Sample

    241012-zcbzbszdrg

  • MD5

    247fee38f0880752865a537055a3df09

  • SHA1

    4d034fefa0c18bd78513961acabc14921eca5503

  • SHA256

    80c240a288fdbf9383bf06758c5eaa7f1a1eb3bb8ff06ad23c13e68d87bdb0c9

  • SHA512

    7316315f040a4d702cc5b0846c86acdcfa5364972d61fbc32c3cf3a1bd2abc406d4b66f438bbc07e8da52487fabfe10859a372fa0144050f9ca1671f4780d33d

  • SSDEEP

    3145728:eN5L8iS6xjKcBa6/2qHO5i/p0nG0iWMstB2Ox7RE:etJSWNa6NHCixiieB

Score
10/10
pysilonevasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      AnxelsMenu.exe

    • Size

      107.3MB

    • MD5

      247fee38f0880752865a537055a3df09

    • SHA1

      4d034fefa0c18bd78513961acabc14921eca5503

    • SHA256

      80c240a288fdbf9383bf06758c5eaa7f1a1eb3bb8ff06ad23c13e68d87bdb0c9

    • SHA512

      7316315f040a4d702cc5b0846c86acdcfa5364972d61fbc32c3cf3a1bd2abc406d4b66f438bbc07e8da52487fabfe10859a372fa0144050f9ca1671f4780d33d

    • SSDEEP

      3145728:eN5L8iS6xjKcBa6/2qHO5i/p0nG0iWMstB2Ox7RE:etJSWNa6NHCixiieB

    Score
    9/10
    evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks