General

  • Target

    source_prepared.exe

  • Size

    79.0MB

  • Sample

    241214-gz7emstpdz

  • MD5

    a1d7d0e7b3befda3c3d4d22437c1e27d

  • SHA1

    b322bd04f7758e0c7b7ec7de4b9b003287812739

  • SHA256

    ee3c781cb6ddc979fd4b312d53c4c1a35291fa48f85525de9f99ad9b9e5a8766

  • SHA512

    22b9ac564f5386f5ce06fbbfea7bb50ae0531b68f293717fdd12c2af24e779d828e860d00ccabd6028a854548018d7ab1f953ae92cb7ba7bf072d5ba6b9a99af

  • SSDEEP

    1572864:pGKlqwrWCpSk8IpG7V+VPhqAr4E7Alirt/iYgj+h58sMwrerlMNvcJ50:gKMwPpSkB05awArWwph5/er640

Malware Config

Targets

    • Target

      source_prepared.exe

    • Score

      9/10

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks