General
Target: superdoopercoolthking.exe
Size: 80.6MB
Sample: 241222-zt4qnsynhw
MD5: 9bb8279fe0e91d92d1c556265259877b
SHA1: aa6546ba10662a575dd2efe6f35776dd401d2dcb
SHA256: decb0b47bdccfb1c283b566a8c5d657c0dcbf9767ef26eb28aaeefb3d0d2e554
SHA512: 37b903a3d6488f472a3ec9972cd5fe0d9e39ad1dc89d05740525da54b6a5ac030be6fc3bdd39d07d2766c29cd5f90783569657c1f614e3e4c993e68ab62b161e
SSDEEP: 1572864:eGKlgWjosmwSk8IpG7V+VPhqHJE70bli08iYgj+h58sMwUD/ZeT:PKiVsmwSkB05awHfw025YD
Behavioral task: behavioral1
Sample: superdoopercoolthking.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: superdoopercoolthking.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: superdoopercoolthking.exe
Size: 80.6MB
MD5: 9bb8279fe0e91d92d1c556265259877b
SHA1: aa6546ba10662a575dd2efe6f35776dd401d2dcb
SHA256: decb0b47bdccfb1c283b566a8c5d657c0dcbf9767ef26eb28aaeefb3d0d2e554
SHA512: 37b903a3d6488f472a3ec9972cd5fe0d9e39ad1dc89d05740525da54b6a5ac030be6fc3bdd39d07d2766c29cd5f90783569657c1f614e3e4c993e68ab62b161e
SSDEEP: 1572864:eGKlgWjosmwSk8IpG7V+VPhqHJE70bli08iYgj+h58sMwUD/ZeT:PKiVsmwSkB05awHfw025YD
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2