General

  • Target

    CobraV2.zip

  • Size

    76.1MB

  • Sample

    241206-kzjkcsvrfk

  • MD5

    26290a1c20392c4bf95df024f2402a15

  • SHA1

    f7291b93b8b248d09e485474743a7aa7fb409ec8

  • SHA256

    e354d0523e7d2299bfa01b65a974fb7767837e1a8200927e8ed07d9f894d6a9d

  • SHA512

    54830e80e0d6a34c606f26bd20cc564800539bfc23a16475832d9e6720a906d9e328846839847b72815ab8f9de6a3dc0ea625006d031eb0b17bdecd1614de45c

  • SSDEEP

    1572864:5p7bi9CE4oYwYstUv/OlRBSMuuwAVVkvXoGaeUk9FHSKz5/NLUV3Xr3FcMW5K:5FJE4oYwFuXy8Muudkv4mUk9P/Nu3XpT

Targets

    • Target

      CobraV2.exe

    • Size

      76.4MB

    • MD5

      31582a9a3490006629cbde95e4b1b663

    • SHA1

      3b2bb72b9e551a277cbc3ee985419937fd35a181

    • SHA256

      d44d1b8375ef8b2e81ae058ae4f94fde54916b746a95dadc97126cfd42511925

    • SHA512

      3e3cf6ec75d12fac447dd47ac4f43d594f16dedaaa9bffa1086c9504b53cfcc0dd56c45edbc775ea0dadefefc2df1b7f42367f44cfd5179f470a03ca79844649

    • SSDEEP

      1572864:U8VlgjW4omcSk8IpG7V+VPhqWK8uE7WoDlK8iY4MHHLeqPNLtDSQY4ZnrACD3:UKcbomcSkB05awWK8moDMXMHVLtVY4FR

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
