General
-
Target
source_prepared.exe
-
Size
75.9MB
-
Sample
241103-vgnrgaygmg
-
MD5
f51a731a7f635efc7f3591e3e608f64a
-
SHA1
dd0bdb77b97cc5064189f19cb2b6702c1183817d
-
SHA256
810150e52ae1f79ed5862e0f5c3c71e6ef0f92f7ec093d2f2e329bdc002ad3c1
-
SHA512
a593017f636c50a219818bc9d0c78d45b5276df10490b9f13c8091889562b85938fac0fc1709bc9439a35e5e7a717c204285c07c66c6a824e59e412ebef1beb7
-
SSDEEP
1572864:H8Vl1xW703Sk8IpG7V+VPhqIUE7WklKiRiY4MHHLeqPNLtDlUZniUG:HKdjSkB05awIAkMiOMHVLtBUol
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
source_prepared.exe
Score: 9/10
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-