General
-
Target
svhost.exe
-
Size
68.5MB
-
Sample
241216-yhvsyszldq
-
MD5
bf49d88af5bdfa38697eafe23fd46265
-
SHA1
3645a8c119a894db4de0a83832eac124062ea92f
-
SHA256
dd99072b19ece0f1f9c617fa3d07bfe35d7b61468fc8b3d2e3891143442fa1fa
-
SHA512
07242ef721747979293f58684443e1a1ddc10cc9fda2ef8f2a8764ee1524cfb10edca73b2ea70d34348710a1712b5df9176de65b2c10a7662072fb1dffd95de7
-
SSDEEP
1572864:l9JfVzrW13CRrrirAH8+1osuTCSxOB6xM5cX72qHWB75iVaN2ZaQ6A:lNECRrS6xjKcBanL2qHO5iV0E
Behavioral task
behavioral1
Sample
svhost.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
svhost.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
svhost.exe
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-