General
-
Target
source_prepared.exe
-
Size
75.2MB
-
Sample
241208-pyk41symfk
-
MD5
0f85a61f6c362852e8d255e24e151241
-
SHA1
967dca024a6b31ed665ffb189b5b74e44d2f335d
-
SHA256
20bdfcdb33cbf92a9c9e893cac1bebb42bfe84254ae6cb7252cc84b5456e1705
-
SHA512
b3ea22a87fdf4d56cb4cdc09c270f0d5165a00442fff1ca647f2c7937d14cb06f55ae8794fc31f18ebcc33203716ce7546d208b76549b3a24649142f7c1b4fce
-
SSDEEP
1572864:L1l2WSSk8IpG7V+VPhqFxE7alh8qAiYweyJulZUdgg4DhckKd72:L1sJSkB05awFlLrpus4FYZ2
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20241007-en
Malware Config
Targets
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-