General

  • Target

    source_prepared.exe

  • Size

    30.7MB

  • Sample

    241015-qz8gdaxdrb

  • MD5

    5dd31fd81211df5fa103023e485b83ec

  • SHA1

    43b9dabe271c38ddb18b24a4193a9354ca1ab484

  • SHA256

    aa91ee6979b37e97c754f14341294ea0950de133a296deb99a856ce47e19969d

  • SHA512

    4c6c989eb3b554fa31e7f3e8f5b25eba5b85e33d0688a87e414321ebbb3d1793a8a0c6ab06dfaa17bdb4a8d954066923fe2135489e56b1c02ecbe2587f75a0c0

  • SSDEEP

    786432:jb1W8Aciq7TFzcY87HC5a+w/pWVMhaIvaH:jBWjcrRE78GK7N

Malware Config

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks