General
-
Target
Ravange.exe
-
Size
80.6MB
-
Sample
241112-27s77sskcs
-
MD5
75788c90ee089a92585102dcf14fa3bc
-
SHA1
c2407571cf0466d808f1ec0d167b8118d958b8aa
-
SHA256
bbcfe534618560a3cd72b8127f511c3547de0e24765beb09d6cbc6a0012fe73d
-
SHA512
e514d1c7d705afca8185039717af5b8f0622576ce53053186d1eeacbf7e435e953cb06ebc79dc37f388cf26c6ccf6170294644be56213d6bd08e34ebbd6d9471
-
SSDEEP
1572864:pGKlqWLH00hSk8IpG7V+VPhqclE7plifiYgj+h58sMwAerlFipjcJ5j:gKMmNSkB05awcIwB5serqgj
Behavioral task
behavioral1
Sample
Ravange.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Ravange.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
Ravange.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-