General
-
Target
versalscripts.exe
-
Size
81.1MB
-
Sample
241208-14z1xavndv
-
MD5
8807d9960b2900d66f9659c0a2bae430
-
SHA1
5f4f67f047b48437c565a71b74b7cf535d0f6838
-
SHA256
50ccc8a2f06d1f0ca6c62319241c6ebeaea15d7dbdf6c6ad7bb5f345b7cf5f68
-
SHA512
a3e019db53f5a7bdcfcd1cc034cc87c3e06a96db39a77b102869575b1ece07318a4914b4f733de6d8867819e0f65ea97b555def656ca88803c85ccbebfbc36a3
-
SSDEEP
1572864:mGKlXOUWtMmpSk8IpG7V+VPhqO+ynE7qliJiYgj+h58sMwII7erWtH/cJFJ:3KRdWMmpSkB05awO+y5wL5kyerIeJ
Malware Config
Targets
-
-
Target
versalscripts.exe
-
Size
81.1MB
-
MD5
8807d9960b2900d66f9659c0a2bae430
-
SHA1
5f4f67f047b48437c565a71b74b7cf535d0f6838
-
SHA256
50ccc8a2f06d1f0ca6c62319241c6ebeaea15d7dbdf6c6ad7bb5f345b7cf5f68
-
SHA512
a3e019db53f5a7bdcfcd1cc034cc87c3e06a96db39a77b102869575b1ece07318a4914b4f733de6d8867819e0f65ea97b555def656ca88803c85ccbebfbc36a3
-
SSDEEP
1572864:mGKlXOUWtMmpSk8IpG7V+VPhqO+ynE7qliJiYgj+h58sMwII7erWtH/cJFJ:3KRdWMmpSkB05awO+y5wL5kyerIeJ
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-