Resubmissions

28-10-2024 18:18    241028-wxm1jsvdrj    score 10
28-10-2024 17:03    241028-vkqegatglh    score 10
25-10-2024 21:04    241025-zwketavcnc    score 10

General

  • Target

    SpiggIstEinNigger.exe

  • Size

    81.4MB

  • Sample

    241028-wxm1jsvdrj

  • MD5

    b7ec6280a3cc7c70b7b32df803c02e91

  • SHA1

    4c727ecf3d80b5217db1dd27c8994a609e9be68a

  • SHA256

    e90618da22d3cfd5fef6aea6db1cb3441abed337a7c5e2725c4b3dcd1d07e11b

  • SHA512

    47b834c1caa35890bb8bd981fafedae72fcfde10c1c797170bfc119daac2fbd5ca84a9b609ddff3702c856daef86044367d16a896c1ba1152ffe290500bac6df

  • SSDEEP

    1572864:3GKlkWlUQ0MSk8IpG7V+VPhqFiE7MsliEgiYgj+h58sMwhDLZej:2KilUSkB05awFfwEi5Nn

Malware Config

Targets

    • Target

      SpiggIstEinNigger.exe

    • Size

      81.4MB

    • MD5

      b7ec6280a3cc7c70b7b32df803c02e91

    • SHA1

      4c727ecf3d80b5217db1dd27c8994a609e9be68a

    • SHA256

      e90618da22d3cfd5fef6aea6db1cb3441abed337a7c5e2725c4b3dcd1d07e11b

    • SHA512

      47b834c1caa35890bb8bd981fafedae72fcfde10c1c797170bfc119daac2fbd5ca84a9b609ddff3702c856daef86044367d16a896c1ba1152ffe290500bac6df

    • SSDEEP

      1572864:3GKlkWlUQ0MSk8IpG7V+VPhqFiE7MsliEgiYgj+h58sMwhDLZej:2KilUSkB05awFfwEi5Nn

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file no longer shows in Explorer and similar directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
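The behavioural signatures above (PowerShell-driven Defender exclusions, the hidden attribute, the Run key, VirtualBox DLL probing) can be re-derived from endpoint telemetry. The script below is an added example, not the sandbox's own rule set and not taken from this report: it runs a handful of rules over constructed Sysmon-style events. The event layout (type, image, cmdline, key, value, data, path), the sample paths and the "dropper.exe" name are assumptions made for the example; the ATT&CK ids are the standard Enterprise technique ids for each behaviour.

```python
"""Behavioural triage over constructed endpoint telemetry.

Added example, not part of the sandbox report: it re-implements the report's
behavioural signatures as simple rules. The event layout (type/image/cmdline/
key/value/data/path) is an assumption of this script, loosely modelled on
Sysmon process, registry and file events.
"""
import re
from typing import Dict, Iterable, List

# Constructed sample events; none of these were captured from the real sample.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public '
                '-ExclusionExtension .exe -ExclusionProcess dropper.exe"'},
    {"type": "process", "image": r"C:\Windows\System32\attrib.exe",
     "cmdline": r"attrib +h +s C:\Users\Public\dropper.exe"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\Public\dropper.exe"},
    {"type": "file_query", "path": r"C:\Windows\System32\VBoxHook.dll"},
    {"type": "file_query", "path": r"C:\Windows\System32\vboxmrxnp.dll"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},  # benign control event
]

# Signature name -> ATT&CK Enterprise technique id, using the report's labels.
SIGNATURES = {
    "Command and Scripting Interpreter: PowerShell": "T1059.001",
    "Sets file to hidden": "T1564.001",
    "Adds Run key to start application": "T1547.001",
    "Enumerates VirtualBox DLL files": "T1497.001",
}

# Defender exclusion cmdlets: Add-/Set-MpPreference with any -Exclusion* parameter.
DEFENDER_EXCLUSION = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b", re.I)
# attrib.exe adding the hidden attribute (+h); +s is often added alongside.
HIDE_ATTRIB = re.compile(r"\battrib(\.exe)?\b.*\+h\b", re.I)
# Run / RunOnce autostart keys under HKCU or HKLM.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# VirtualBox guest-additions DLLs probed by sandbox-evasion code.
VBOX_DLL = re.compile(r"\\vbox[a-z0-9_]*\.dll$", re.I)


def triage(events: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {signature: [evidence, ...]} for every signature that fired."""
    hits: Dict[str, List[str]] = {name: [] for name in SIGNATURES}
    for ev in events:
        kind = ev.get("type")
        if kind == "process":
            image = ev.get("image", "").lower()
            cmd = ev.get("cmdline", "")
            # The report's rule is specific: PowerShell *and* a Defender exclusion.
            if image.endswith("powershell.exe") and DEFENDER_EXCLUSION.search(cmd):
                hits["Command and Scripting Interpreter: PowerShell"].append(cmd)
            if HIDE_ATTRIB.search(cmd):
                hits["Sets file to hidden"].append(cmd)
        elif kind == "registry" and RUN_KEY.search(ev.get("key", "")):
            evidence = ev["key"] + "\\" + ev.get("value", "") + " = " + ev.get("data", "")
            hits["Adds Run key to start application"].append(evidence)
        elif kind == "file_query" and VBOX_DLL.search(ev.get("path", "")):
            hits["Enumerates VirtualBox DLL files"].append(ev["path"])
    return {name: evidence for name, evidence in hits.items() if evidence}


def attack_ids(hits: Dict[str, List[str]]) -> List[str]:
    """Map fired signatures to a sorted list of ATT&CK technique ids."""
    return sorted({SIGNATURES[name] for name in hits})


if __name__ == "__main__":
    fired = triage(SAMPLE_EVENTS)
    for name, evidence in fired.items():
        print(f"[{SIGNATURES[name]}] {name}")
        for line in evidence:
            print("    " + line)
```

The command-line rules are deliberately narrow (attrib.exe and the MpPreference cmdlets); a sample that sets FILE_ATTRIBUTE_HIDDEN through SetFileAttributes directly, or that calls the Defender WMI provider instead of PowerShell, would need file-attribute or API telemetry rather than process command lines.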
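The "UPX packed file" signature is a static check on the PE itself. The following added example (not the sandbox's rule and not code from this report) parses the PE section table by hand and reports the classic UPX markers: UPX0/UPX1 section names and the "UPX!" magic that stock UPX writes into its loader header. The PE bytes are constructed inside the script so it runs offline; they are not an executable, and the helper that builds them is an assumption of the example.

```python
"""Static UPX indicators from a PE section table.

Added example, not part of the sandbox report and not the sandbox's own rule:
it parses the IMAGE_FILE_HEADER and section table by hand and reports the
classic UPX markers (UPX0/UPX1 section names and the "UPX!" header magic).
The PE bytes built below are constructed for the example and are not executable.
"""
import struct
from typing import List

PE_SIGNATURE = b"PE\x00\x00"
FILE_HEADER_SIZE = 20          # IMAGE_FILE_HEADER
SECTION_HEADER_SIZE = 40       # IMAGE_SECTION_HEADER


def build_minimal_pe(names: List[str], optional_size: int = 0xE0) -> bytes:
    """Constructed stand-in for a real binary: DOS header, PE signature,
    file header, zeroed PE32 optional header and a section table."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos = dos.ljust(e_lfanew, b"\x00")
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0,
                              optional_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(optional_size, b"\x00")  # PE32 magic
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\x00") + b"\x00" * (SECTION_HEADER_SIZE - 8)
        for n in names)
    return dos + PE_SIGNATURE + file_header + optional + sections


def section_names(pe: bytes) -> List[str]:
    """Walk DOS header -> e_lfanew -> file header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    fh = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, fh + 2)
    opt_size, = struct.unpack_from("<H", pe, fh + 16)
    table = fh + FILE_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = pe[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")  # malformed or cut-off file
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def upx_indicators(pe: bytes) -> List[str]:
    """Return the UPX markers present. An empty list does not prove the file is
    unpacked: modified UPX builds commonly rename the sections and patch the magic."""
    found = [f"section {n}" for n in section_names(pe) if n.upper().startswith("UPX")]
    if b"UPX!" in pe:
        found.append("UPX! magic")
    return found


if __name__ == "__main__":
    print(upx_indicators(build_minimal_pe(["UPX0", "UPX1", ".rsrc"]) + b"UPX!"))
```

Because both markers are trivially patched, a sandbox signature of this kind is a strong hint rather than proof; the report's own wording ("UPX/modified UPX") reflects that, and section entropy or an actual unpacking attempt is the next step when the names have been stripped.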

MITRE ATT&CK Enterprise v15

Tasks