Resubmissions

29-10-2024 00:53  241029-a8nkkayqdq  10
29-10-2024 00:52  241029-a785wa1hjk  10
29-10-2024 00:35  241029-axbfvsynex  10
28-10-2024 23:21  241028-3b3x7szejl  10
28-10-2024 22:36  241028-2h8xcsyeqc  10
28-10-2024 20:30  241028-y97ltswhkd  10

General

  • Target

    SpiggIstEinRatter.exe

  • Size

    81.4MB

  • Sample

    241028-y97ltswhkd

  • MD5

    b7ec6280a3cc7c70b7b32df803c02e91

  • SHA1

    4c727ecf3d80b5217db1dd27c8994a609e9be68a

  • SHA256

    e90618da22d3cfd5fef6aea6db1cb3441abed337a7c5e2725c4b3dcd1d07e11b

  • SHA512

    47b834c1caa35890bb8bd981fafedae72fcfde10c1c797170bfc119daac2fbd5ca84a9b609ddff3702c856daef86044367d16a896c1ba1152ffe290500bac6df

  • SSDEEP

    1572864:3GKlkWlUQ0MSk8IpG7V+VPhqFiE7MsliEgiYgj+h58sMwhDLZej:2KilUSkB05awFfwEi5Nn
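
The hashes above are the indicators a practitioner would use to confirm that a locally obtained file is the sample this report describes, and the section table of the same file is where the "UPX packed file" signature further down is decided. The following Python is an added example, not code from the sandbox report or its vendor: it recomputes the hashes and compares all of them against the values published here, and parses the PE section table for two UPX indicators (stock UPX0/UPX1 section names, and a section with no raw data but a large virtual size, which also catches the "modified UPX" case where sections were renamed). build_test_pe constructs a minimal fake PE header purely as test input; the 0x10000 virtual-size threshold is an assumed heuristic cut-off, and ssdeep is omitted because it is not in the standard library.

```python
import hashlib
import struct

# Hashes as published in this report for SpiggIstEinRatter.exe.
REPORT_IOCS = {
    "md5": "b7ec6280a3cc7c70b7b32df803c02e91",
    "sha1": "4c727ecf3d80b5217db1dd27c8994a609e9be68a",
    "sha256": "e90618da22d3cfd5fef6aea6db1cb3441abed337a7c5e2725c4b3dcd1d07e11b",
    "sha512": "47b834c1caa35890bb8bd981fafedae72fcfde10c1c797170bfc119daac2fbd5"
              "ca84a9b609ddff3702c856daef86044367d16a896c1ba1152ffe290500bac6df",
}

def hash_bytes(data):
    """md5/sha1/sha256/sha512 of the file contents. ssdeep, the report's fuzzy
    hash, is not in the standard library and is left out here."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}

def matches_report(data, iocs=REPORT_IOCS):
    """True only if every published hash matches: one mismatch means this is
    not the same file (or an indicator was mis-copied), so all are compared."""
    computed = hash_bytes(data)
    return all(computed[name] == value.lower() for name, value in iocs.items())

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")

def pe_sections(data):
    """Parse the PE section table; raises ValueError for non-PE or truncated input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\x00\x00" or len(data) < pe_off + 24:
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(nsec):
        try:
            f = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        except struct.error:
            raise ValueError("truncated section table")
        sections.append({"name": f[0].rstrip(b"\x00").decode("latin-1"),
                         "virtual_size": f[1], "raw_size": f[3],
                         "characteristics": f[9]})
    return sections

def upx_indicators(sections, min_virtual=0x10000):
    """Reasons the section table looks UPX-packed:
    1. the stock UPX0/UPX1/UPX2 section names;
    2. a section with no data on disk but a large virtual size, the empty
       region the stub decompresses into. This survives renamed sections
       ("modified UPX"). min_virtual is an assumed cut-off that ignores
       small .bss-style sections."""
    reasons = []
    names = [s["name"] for s in sections]
    if any(n.startswith("UPX") for n in names):
        reasons.append("UPX section names: " + ", ".join(names))
    for s in sections:
        if s["raw_size"] == 0 and s["virtual_size"] >= min_virtual:
            reasons.append("section %r has no raw data but 0x%x virtual bytes"
                           % (s["name"], s["virtual_size"]))
    return reasons

def build_test_pe(section_specs):
    """Constructed test input: a minimal, non-runnable PE made of a DOS header,
    COFF header, zeroed optional header and the given
    [(name, virtual_size, raw_size)] sections."""
    opt_size = 0xE0                                       # PE32 optional header
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, len(section_specs),
                                       0, 0, 0, opt_size, 0x102)
    table = b"".join(
        SECTION_HDR.pack(name.encode().ljust(8, b"\x00"), vsize, 0, rsize,
                         0, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in section_specs)
    return dos + coff + b"\x00" * opt_size + table

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(blob))
    print("UPX indicators:", upx_indicators(pe_sections(blob)) or "none")
```

Run it as `python triage.py SpiggIstEinRatter.exe` on a copy of the sample. Compare every hash rather than only MD5: the MD5 and SHA1 here are fine as lookup keys, but a collision-resistant match is what you want before reusing another report's findings. The zero-raw-size heuristic fires on any packer that reserves an empty decompression region, so treat it as "packed" rather than "UPX" when the names have been changed.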

Malware Config

Targets

    • Target

      SpiggIstEinRatter.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that the dropped files and the running process are no longer scanned.

    • Sets file to hidden

      Sets the hidden attribute on a file so that it is not shown in Explorer and similar directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      The executable is packed with the open-source UPX packer or a modified variant of it.
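
The PowerShell signature in the list above describes Defender tampering through Add-MpPreference and Set-MpPreference. The following Python is an added example, not part of the sandbox report or its vendor's detection logic: it parses PowerShell command lines of the kind recorded by script-block logging (Event ID 4104) or a sandbox process tree, pulls out every exclusion added and every protection switch disabled, and looks inside `-Command "..."` strings and `-EncodedCommand` payloads, which is how these calls are usually hidden. The parameter names are the real `*-MpPreference` parameters; the log lines are constructed for the example, and the tokenizer and the prefix handling of `-EncodedCommand` are my assumptions about how such commands appear.

```python
import base64
import binascii
import re

# Tokenizer: double-quoted string, single-quoted string, bare word, or comma.
TOKEN_RE = re.compile(r'"[^"]*"|\'[^\']*\'|[^\s,]+|,')
CMDLET_RE = re.compile(r"^(Add|Set|Remove)-MpPreference$", re.I)
# *-MpPreference parameters that weaken Defender when set via Add/Set.
PARAM_RE = re.compile(
    r"^-(ExclusionPath|ExclusionExtension|ExclusionProcess|ExclusionIpAddress|"
    r"DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection)$", re.I)
SEPARATORS = {"|", ";", "&&"}

def _values(tokens, start):
    """Collect argument tokens after a parameter up to the next parameter or
    statement separator; commas are skipped and surrounding quotes stripped."""
    vals, i = [], start
    while i < len(tokens) and not tokens[i].startswith("-") and tokens[i] not in SEPARATORS:
        if tokens[i] != ",":
            vals.append(tokens[i].strip("\"'"))
        i += 1
    return vals, i

def _decode_encoded_command(b64):
    """-EncodedCommand carries base64 of UTF-16LE text; None if it is not that."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def parse_defender_changes(cmd, encoded=False):
    """Return one dict per Defender-weakening setting found in a command line."""
    tokens = TOKEN_RE.findall(cmd)
    findings, verb, i = [], None, 0
    while i < len(tokens):
        t = tokens[i]
        m = CMDLET_RE.match(t)
        if m:
            verb = m.group(1).lower()
            i += 1
            continue
        # powershell -Command "<script>": the whole script is one quoted token.
        if len(t) > 1 and t[0] in "\"'" and t[-1] == t[0] and "mppreference" in t.lower():
            findings.extend(parse_defender_changes(t[1:-1], encoded))
            i += 1
            continue
        flag = t[1:].lower() if t.startswith("-") else ""
        # powershell.exe accepts any unambiguous prefix: -e, -ec, -enc, ...
        if flag and "encodedcommand".startswith(flag) and i + 1 < len(tokens):
            inner = _decode_encoded_command(tokens[i + 1].strip("\"'"))
            if inner is not None:
                findings.extend(parse_defender_changes(inner, encoded=True))
            i += 2
            continue
        p = PARAM_RE.match(t)
        if p and verb in ("add", "set"):   # Remove-MpPreference undoes an exclusion
            vals, i = _values(tokens, i + 1)
            findings.extend({"verb": verb, "param": p.group(1).lower(),
                             "value": v, "encoded": encoded} for v in vals)
            continue
        i += 1
    return findings

# Constructed sample lines in the shape of script-block log entries (not from the report).
ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\Temp\\drop"'.encode("utf-16le")).decode()
SAMPLE_LOG = [
    r'Add-MpPreference -ExclusionPath "C:\Users\Public\svc", "C:\ProgramData\cache" -ExclusionExtension exe,dll',
    r'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true -ExclusionProcess SpiggIstEinRatter.exe"',
    r"Get-Process | Where-Object { $_.CPU -gt 100 }",
    "powershell.exe -NoP -W Hidden -enc " + ENCODED,
]

def scan_log(lines):
    """(line number, finding) for every Defender change in the given lines."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in parse_defender_changes(line)]

if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG):
        print("line %d: %s-MpPreference %s = %s%s"
              % (n, f["verb"], f["param"], f["value"], " (from -EncodedCommand)" if f["encoded"] else ""))
```

Two things are deliberate. Remove-MpPreference is ignored because it reverses an exclusion rather than creating one, and the cmdlet verb is tracked per command so `Remove-MpPreference -ExclusionPath X` is not counted as a new exclusion. Not handled here: the `-Parameter:value` colon syntax and PowerShell's acceptance of abbreviated parameter names (`-ExclusionP`), both of which a determined dropper can use; extend PARAM_RE with prefix matching if you see them in your telemetry.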

MITRE ATT&CK Enterprise v15

Tasks