Resubmissions

16-12-2024 07:03

241216-hvtteszjhy 10

15-12-2024 22:42

241215-2mvkjasmfn 10

General

  • Target

    source_prepared.exe

  • Size

    30.5MB

  • Sample

    241216-hvtteszjhy

  • MD5

    a76406bff5ba7a0228ba232cc2ecfee7

  • SHA1

    023b9097a4beca140cfba5f1c15d747ebf6ec070

  • SHA256

    fd423dc5c37065f1bef1c9acacb859f0f6d8bb779d6f24a0c8f3bf8f2585f1a8

  • SHA512

    d7838d367158ece880c13cb063665e5fc18b8c1af4368e457cfa60a0b3594d064686d4ffd5bace79a82fab61106772ded5b67a7a3f5b6a0d92997b9d8adeb605

  • SSDEEP

    786432:5iIZRZW8FPm1N2+9qxqzcY876K3v1n8vSFumJWoIQ8lZ:EEWSm2+9E7z1XFu0H2

Malware Config

Targets

    • Target

      source_prepared.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and other default directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
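The signatures above are the behaviours a responder would want to confirm from telemetry rather than take on trust. The following is an added Python example, not code or output from the sandbox report or from the sample, that runs simple triage heuristics over constructed process, registry and file events (the sample data and the (kind, detail) event shape are hypothetical). It decodes a PowerShell -EncodedCommand payload before looking for Add-/Set-MpPreference exclusion arguments, so an exclusion hidden behind base64 is still caught, and flags attrib +h, Run-key writes and VirtualBox DLL probing. The ATT&CK technique IDs in the mapping are my annotation; the report itself lists none in the section below.

```python
import base64
import re

# Constructed sample events as (kind, detail); illustrative only, not telemetry
# captured from the run described in this report.
SAMPLE_EVENTS = [
    ("process", 'powershell.exe -NoProfile -Command Add-MpPreference '
                '-ExclusionPath "C:\\Users\\Public" -ExclusionExtension .exe,.dll '
                '-ExclusionProcess updater.exe'),
    ("process", 'cmd.exe /c attrib +h +s "C:\\Users\\Public\\updater.exe"'),
    ("registry", 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater'),
    ("file", 'C:\\Windows\\System32\\vboxhook.dll'),
    ("file", 'C:\\Windows\\System32\\vboxmrxnp.dll'),
    ("process", 'notepad.exe C:\\Users\\user\\notes.txt'),
]

# PowerShell accepts abbreviated switches, so match the common -enc spellings.
ENCODED_FLAG = re.compile(r'-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)', re.I)
# -ExclusionPath/-ExclusionExtension/-ExclusionProcess with quoted or comma-separated values.
EXCLUSION_ARG = re.compile(r'-Exclusion(Path|Extension|Process)\s+((?:"[^"]*"|[^\s"])+)', re.I)
RUN_KEY = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\', re.I)
# attrib +h is one way to set the hidden attribute; a direct SetFileAttributes
# call would need a file-attribute event instead of a command line.
ATTRIB_HIDDEN = re.compile(r'\battrib(?:\.exe)?\b.*\+h', re.I)
VBOX_DLL = re.compile(r'(?:^|\\)vbox[^\\]*\.dll$', re.I)

# My mapping of the report's signatures to ATT&CK Enterprise technique IDs.
ATTACK = {
    "exclusion": "T1562.001 Impair Defenses: Disable or Modify Tools",
    "hidden": "T1564.001 Hide Artifacts: Hidden Files and Directories",
    "runkey": "T1547.001 Boot or Logon Autostart Execution: Registry Run Keys",
    "vbox": "T1497 Virtualization/Sandbox Evasion",
}


def encoded_powershell(script):
    """Build a 'powershell -EncodedCommand <b64>' line the way a loader would (UTF-16LE, base64)."""
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoProfile -EncodedCommand {blob}"


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def defender_exclusions(cmdline):
    """Map exclusion kind (Path/Extension/Process) to values from an Add-/Set-MpPreference command."""
    text = decode_encoded_command(cmdline) or cmdline
    if not re.search(r"\b(Add|Set)-MpPreference\b", text, re.I):
        return {}
    found = {}
    for kind, raw in EXCLUSION_ARG.findall(text):
        values = [v.strip('"') for v in raw.split(",") if v.strip('"')]
        found.setdefault(kind.capitalize(), []).extend(values)
    return found


def sets_hidden(cmdline):
    return bool(ATTRIB_HIDDEN.search(cmdline))


def is_run_key(reg_path):
    return bool(RUN_KEY.search(reg_path))


def is_vbox_artifact(path):
    return bool(VBOX_DLL.search(path))


def triage(events):
    """Return (technique, detail) findings for a list of (kind, detail) events."""
    findings = []
    for kind, detail in events:
        if kind == "process":
            exclusions = defender_exclusions(detail)
            if exclusions:
                findings.append((ATTACK["exclusion"], exclusions))
            if sets_hidden(detail):
                findings.append((ATTACK["hidden"], detail))
        elif kind == "registry" and is_run_key(detail):
            findings.append((ATTACK["runkey"], detail))
        elif kind == "file" and is_vbox_artifact(detail):
            findings.append((ATTACK["vbox"], detail))
    return findings


if __name__ == "__main__":
    for technique, detail in triage(SAMPLE_EVENTS):
        print(f"{technique}: {detail}")
```

The exclusion parser works on whatever text the command line carries, so it misses exclusions added through a script file, WMI or the MpPreference COM interface; for those, the authoritative check on a suspect host is the configured exclusion lists themselves (Get-MpPreference) rather than the process log.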

MITRE ATT&CK Enterprise v15

Tasks