General

  • Target

    bannerlordmcutils.zip

  • Size

    103.0MB

  • Sample

    241117-wt6ngsvlgt

  • MD5

    8e83f633b2178b952785b57f574bebe1

  • SHA1

    f7a6469c2fe5a41cb1266ef03e1da4a44353bcc9

  • SHA256

    a1fed87d3b7672ae3c6d662652415aae27feb5056ee36fd18175b63290419e85

  • SHA512

    76a3da2517f4e27058e00b4d8900ae3f25d424b0b0274cdf46c3654330814bc1c4baf49bcfcff0ba036874058efd6e0e9d7d6be6f2a80f9d20748aca3ac4d104

  • SSDEEP

    3145728:lDvXVZC8XgXFBIGPlEOq8xGmcr/xWQz1EHrRW+:5vK8XgXRtVxGmQIQEW+

Malware Config

Targets

    • Target

      bannerlordmcutils.exe

    • Size

      103.6MB

    • MD5

      d1b6565683f72745dada79f66def7c03

    • SHA1

      3253242d6fbccb9853529bdf420eea01f5b61e33

    • SHA256

      02d80745374489dbfd8b761ee55fac894c6e55bdbda24ce6cf2b68c150b8f2c5

    • SHA512

      f53103c4698661b7d7dc407e1192497e9f3b6f0952ebb0435340f9909a010e7f501a5e02a5f50c603c087f6b9945a5836b9302502343ee9d0d6a0d1ec9042420

    • SSDEEP

      3145728:AnGhr7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBu9Z2:vBnSWNaBHCin1XcB7

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks