General
- Target: source_prepared.exe
- Size: 77.4MB
- Sample: 241103-rn5f1swdna
- MD5: 164d7c1c6b1dba7779c9e278ba742cc7
- SHA1: 4236e38c6c7521a9565f0d98ba20e4b11a172c42
- SHA256: 9ef32e3ffd8488b7774e0884db07d9016baa2cc7bb007a686f9b9be6b808c056
- SHA512: f1d4abe63552f6f3ee44913af7357b5fc82db2a6585b2e857e4a8e992a3201c979080d999813c788eb3173d569cbeac1725b90af059b40b8f281bd9a07316c66
- SSDEEP: 1572864:+1lEW90hSk8IpG7V+VPhqQdSTE7ElhTxiYweyJulZUdgkhLOrL7mCV37U:+1exSkB05awkSnLSpuAh6rnVo
Behavioral task: behavioral1
- Sample: source_prepared.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: source_prepared.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2