Overview

overview

10

Static

static

10

build.exe

windows7-x64

7

build.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build.exe

  • Size

    80.7MB

  • Sample

    241119-3jj53awclj

  • MD5

    f8176b8ba45b99600d329406b8c892ef

  • SHA1

    b28aed023639fb9155c1b326f3bfcc278730e76a

  • SHA256

    78d034e0ae926ef07622d3996b628f13b7132bbd8871c1988c38d4edb5c4ee93

  • SHA512

    aa9df7375d5d1ba27e00a18a44723439cb6731b40bf171c10d5784d403207605a3ba22a3728c31d1bf750ebda0b17a7f49b38ba76fbb902ac863ef555fded74d

  • SSDEEP

    1572864:OGKlgWj60hSk8IpG7V+VPhqHJE7bbli08iYgj+h58sMw5D7Zcj:fKiQSkB05awHAw0259H

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      build.exe

    • Size

      80.7MB

    • MD5

      f8176b8ba45b99600d329406b8c892ef

    • SHA1

      b28aed023639fb9155c1b326f3bfcc278730e76a

    • SHA256

      78d034e0ae926ef07622d3996b628f13b7132bbd8871c1988c38d4edb5c4ee93

    • SHA512

      aa9df7375d5d1ba27e00a18a44723439cb6731b40bf171c10d5784d403207605a3ba22a3728c31d1bf750ebda0b17a7f49b38ba76fbb902ac863ef555fded74d

    • SSDEEP

      1572864:OGKlgWj60hSk8IpG7V+VPhqHJE7bbli08iYgj+h58sMw5D7Zcj:fKiQSkB05awHAw0259H

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks