Overview

overview

10

Static

static

10

Scanner3.0.exe

windows10-ltsc 2021-x64

9

Resubmissions

26-10-2024 17:43

241026-warp8avmft 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scanner3.0.exe

  • Size

    107.2MB

  • Sample

    241026-warp8avmft

  • MD5

    cbcea90c319e1a4f4ba6cb9f1de628ee

  • SHA1

    507ee48f674e2b3cafe79eccde36f6e3e3a518cd

  • SHA256

    27cd4ff128a2a838730155e55078a2788dfea440c590713a49cc133913c0c8c6

  • SHA512

    f8a387942567fce8ab2e86ed34024b1cb3ed6d749c8373db62f044f9dffb777c8011a709792bb431bf12fa151b4131a888e55569cd17e1a3eaaa7c2edaf38c73

  • SSDEEP

    3145728:lUer7RS6xjKcBa6/2qHO5iFpBnG0iWMstB2OxQmyD7:eYFSWNa6NHCibhieB

Score
10/10
pysilonevasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      Scanner3.0.exe

    • Size

      107.2MB

    • MD5

      cbcea90c319e1a4f4ba6cb9f1de628ee

    • SHA1

      507ee48f674e2b3cafe79eccde36f6e3e3a518cd

    • SHA256

      27cd4ff128a2a838730155e55078a2788dfea440c590713a49cc133913c0c8c6

    • SHA512

      f8a387942567fce8ab2e86ed34024b1cb3ed6d749c8373db62f044f9dffb777c8011a709792bb431bf12fa151b4131a888e55569cd17e1a3eaaa7c2edaf38c73

    • SSDEEP

      3145728:lUer7RS6xjKcBa6/2qHO5iFpBnG0iWMstB2OxQmyD7:eYFSWNa6NHCibhieB

    Score
    9/10
    evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks