General

  • Target

    Setup.exe

  • Size

    80.0MB

  • Sample

    241112-wf1kbaxhnd

  • MD5

    fd2819916f72c31cfe90bf0a4813b675

  • SHA1

    e425bfe12015c2680583dd7d6741e9c8ffa832d0

  • SHA256

    cee68a6283a15f03da36387a828e21d1e0c2118362e16aa0a4434a4d8ae173d5

  • SHA512

    7294f27066bc52a82f40e4c15da5b24497de8c3b16f44e1b2170659f6658483aa395f91d2899aa923900fe2e9f0fec9742007be64c0459a19cbab69058f77850

  • SSDEEP

    1572864:LGKlEWpO0hSk8IpG7V+VPhqYdf3xTivfSl6li0T5TPxfTcrb5try0mDXo4V:SKewbSkB05awcf3xen+6wKy5tryXXo0

Targets

    • Target

      Setup.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped components are not scanned.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
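
Two of the signatures above describe behaviours a triage analyst routinely re-checks by hand: the PowerShell call that adds Defender exclusions, and the UPX section layout. The following Python is an added example written for this page, not output of the sandbox or code from the sample; the command lines and the PE image it parses are constructed test data, and the regexes target the documented Add-MpPreference / Set-MpPreference -Exclusion* parameters. It also handles the -EncodedCommand form, which a raw command-line grep would miss.

```python
"""Added triage helpers (example code, not from the report): flag PowerShell
Defender-exclusion tampering and UPX-style section names in a PE image."""
import base64
import re
import struct

# Documented Defender cmdlets/parameters that add exclusions.
_EXCLUSION_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
_EXCLUSION_PARAM = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.IGNORECASE)
# -EncodedCommand / -enc / -e <base64 of UTF-16LE script text>
_ENCODED_ARG = re.compile(r"-(?:EncodedCommand|enc|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline uses -EncodedCommand, else None."""
    m = _ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def defender_exclusion_tampering(cmdline):
    """Return the sorted list of -Exclusion* parameters used, [] if none.

    Inspects the decoded script when the invocation is base64-encoded, since
    an installer that hides its cmdlet that way defeats a plain substring match.
    """
    text = decode_encoded_command(cmdline) or cmdline
    if not _EXCLUSION_CMDLET.search(text):
        return []
    return sorted({"-Exclusion" + m.group(1).capitalize()
                   for m in _EXCLUSION_PARAM.finditer(text)})


# Constructed command lines (not captured from the sample) for demonstration.
SAMPLE_COMMAND_LINES = [
    'powershell.exe -NoProfile -Command "Get-Process"',
    'powershell.exe -ExecutionPolicy Bypass -Command "Add-MpPreference '
    '-ExclusionPath C:\\Users\\Public -ExclusionExtension .exe -ExclusionProcess Setup.exe"',
    "powershell.exe -w hidden -enc " + base64.b64encode(
        'Set-MpPreference -ExclusionPath "$env:APPDATA"'.encode("utf-16-le")).decode(),
]


def build_pe(section_names):
    """Constructed test fixture: a minimal PE whose section table carries the
    given names (DOS stub, PE signature, 20-byte COFF header, no optional header)."""
    pe_offset = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_offset)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + sections


def pe_section_names(data):
    """Return the section names of a PE file, or [] if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_offset:pe_offset + 4] != b"PE\x00\x00":
        return []
    num_sections = struct.unpack_from("<H", data, pe_offset + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_offset + 20)[0]
    table = pe_offset + 24 + opt_size  # section headers follow the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]
        if len(raw) < 8:
            break
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc). Modified
    builds often rename them, so a False here is a weak signal, not a clean bill."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        print(defender_exclusion_tampering(line) or "benign", "<-", line[:60])
    print("UPX:", looks_upx_packed(build_pe(["UPX0", "UPX1", ".rsrc"])))
```

On a live host the same two checks are Get-MpPreference (inspect ExclusionPath, ExclusionExtension, ExclusionProcess) and a section dump of the dropped executables; the script above is the offline equivalent for command-line telemetry and file carving.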

MITRE ATT&CK Enterprise v15
