General
Target: spoofer.exe
Size: 80.6MB
Sample: 241106-vhp1xstjcw
MD5: 00612a7f7320413d89cf6bf0761dbfec
SHA1: 707047c2a0e1cfc9e95a4eebc1cf30f327ebe282
SHA256: 7367d53089575b0708c34d275f067825926d16ab7ecc8e43899e1b08447367bd
SHA512: 0ea7f31a2819015e7ea58e116c7f44158f7523067057ec0f5dbe3cda2bc0da6654464282ce282a971c8f44ea9e501bd0b32c613771570f111228b5e2dc8c9d87
SSDEEP: 1572864:CPJlLWLHd0RSk8IpG7V+VPhq9AE7DliriYgj+h58sMwoerlFGp0cJ5j:iJNmiSkB05aw9Zwl5Eeru7j
Behavioral task: behavioral1
Sample: spoofer.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2