General
-
Target
source_prepared.exe
-
Size
72.3MB
-
Sample
241226-mzhdeatngm
-
MD5
a4bb79deffe43c01a248c58584169aee
-
SHA1
a7bc17c0d8826dfb337021849573829872cc509e
-
SHA256
fbf9307835fbb1092a204e7a770b10b17c9b328ba3fd03bb6ad49cd3b0827512
-
SHA512
6084096bc5845aa586bd94221f618f6278ac9e04283cb5bfd49a5d8255e77bc18b14a507eeb710639ceba1ad6e68d96589def74743245dbf770b6ecb03f201b7
-
SSDEEP
1572864:HhlAWDZomcSk8IpG7V+VPhqerE7WIlKTiY4MHHLeqPNLtDaBpLbZzTUx:HhW4ZomcSkB05awehIMEMHVLtmBpLbt
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
72.3MB
-
MD5
a4bb79deffe43c01a248c58584169aee
-
SHA1
a7bc17c0d8826dfb337021849573829872cc509e
-
SHA256
fbf9307835fbb1092a204e7a770b10b17c9b328ba3fd03bb6ad49cd3b0827512
-
SHA512
6084096bc5845aa586bd94221f618f6278ac9e04283cb5bfd49a5d8255e77bc18b14a507eeb710639ceba1ad6e68d96589def74743245dbf770b6ecb03f201b7
-
SSDEEP
1572864:HhlAWDZomcSk8IpG7V+VPhqerE7WIlKTiY4MHHLeqPNLtDaBpLbZzTUx:HhW4ZomcSkB05awehIMEMHVLtmBpLbt
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-