General
Target: Freakin Product.zip
Size: 68.0MB
Sample: 241221-23wgrstlbl
MD5: 5aa35357201bf7e5b7dbc9e9efd5887a
SHA1: 8f68ff208ac85b878a9c8201656cb2b084f18d4e
SHA256: 2a6f79b1f0edd9e33b85f5c4af22b0bca1856874f5b2fe0aead2eb6f2a3a0223
SHA512: c45dfd86f494a30130a4d492dd4a5090d4f011b3c048b3668bf1712c93d031cc6fcb0863c0110f8ad37ae1316f9d2226fea71b3ef4cd6fbcf1b3b20cac573b8c
SSDEEP: 1572864:uqwOi6JFzgvrinGSDpAJ+XY0G2N6woDjblWrEB/c0OAdAVS:e2z+OGSbXxGwMlW4BE0OYuS
Behavioral task: behavioral1
Sample: Freakin Product/Injector.exe
Resource: win7-20241010-de

Behavioral task: behavioral2
Sample: Freakin Product/Injector.exe
Resource: win10v2004-20241007-de
Malware Config

Targets
Target: Freakin Product/Injector.exe
Size: 68.8MB
MD5: c43cf791c9a67e57d78f47177b73db5e
SHA1: d211284c160cc7544d8c1ddcd22aef52e066165c
SHA256: 311ce15734609d5f53c8ad1901be1373f233abbb23d7f11c330cb921d39ae54d
SHA512: 3408552e9e56f6d0cc5d2a21d91702bb93d3b86f3c243979184df56bdb7ba326df341b69cd39b40f2cebe0851edc1b2975ef2d02e687167971b5be32dfea3ac2
SSDEEP: 1572864:RfcQtIe3iirAH8+1osuTCSxOB6xMLiIpz2qHWB75il+WBZo0Wo4Dxo:tciiS6xjKcBa6R2qHO5izBW0zCO
Score: 9/10

Signatures
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (1)
  Virtualization/Sandbox Evasion (1)