General
-
Target
Setup.exe
-
Size
160.0MB
-
Sample
241023-r1j1vavfrb
-
MD5
3b52cdd97e560dace789733bf774d0b2
-
SHA1
06a80c609f93839ce55cba241a8c1e0b3f9b8c3e
-
SHA256
b2a0c2982713b32f8e744dd4ef08b920f46a1946d38adffd200a0d7640d7f0b9
-
SHA512
61e8191d4eac19b51937ce7ec4962eea8a4279e8e5f2320afa48587813eb4cd360b980f5d6f02a7d48f27c389a4c166a11b72e7f676a53000299d223df5fb872
-
SSDEEP
3145728:RP0yvzmoU2b7f84ha+EPvIeXLf/IibgdUtJFxewJc+F3YGoq:FmoU2H9dEX3LYIgdUtJT
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
160.0MB
-
MD5
3b52cdd97e560dace789733bf774d0b2
-
SHA1
06a80c609f93839ce55cba241a8c1e0b3f9b8c3e
-
SHA256
b2a0c2982713b32f8e744dd4ef08b920f46a1946d38adffd200a0d7640d7f0b9
-
SHA512
61e8191d4eac19b51937ce7ec4962eea8a4279e8e5f2320afa48587813eb4cd360b980f5d6f02a7d48f27c389a4c166a11b72e7f676a53000299d223df5fb872
-
SSDEEP
3145728:RP0yvzmoU2b7f84ha+EPvIeXLf/IibgdUtJFxewJc+F3YGoq:FmoU2H9dEX3LYIgdUtJT
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Windows Firewall
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1