General
-
Target
NEVER OPEN! (2).exe
-
Size
75.9MB
-
Sample
241114-y4lr6ssjf1
-
MD5
5ccbb15b7c31451496fd71a405de7ca2
-
SHA1
6dd65790b2f84a9dbfb6b335c8ae675321afb298
-
SHA256
c6b6456bec6bd14a62bc7929822c3ac7326f4daa1d8598b4623c1532dc982613
-
SHA512
6f3a726ab3872a864fdb42289453a6a55f64cad9a3e715a054020f86a14a0c7363e3eecbc7947e952154eb7a974f9de95e4020f51e779e113707d19460c02d41
-
SSDEEP
1572864:F8VlCWz03Sk8IpG7V+VPhqIUE7WCylKtFiY4MHHLeqPNLtDaQXgeZPHdGr:FKEVSkB05awIACyMoMHVLteQQeFdC
Behavioral task
behavioral1
Sample
NEVER OPEN! (2).exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
NEVER OPEN! (2).exe
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-