General

  • Target

    923HS_source_prepared.exe

  • Size

    80.7MB

  • Sample

    241231-3aj4psxkck

  • MD5

    b95913a09511f8ec0d389fa3f477859a

  • SHA1

    a92832705c03c163720341b69fe1861fbadbd2b9

  • SHA256

    f1b48e2194d867d127b15500f10be4d94065859e398829086ae75da4b673d066

  • SHA512

    31b46f08e57478de3b76f878e2f81e75a2475cd653f14e540636fdf7f908e205c0222a5af42bd587054e1e894b1d0417becc5324acb3faf6df19e7adfeb46eae

  • SSDEEP

    1572864:KuGKlDWjysmwSk8IpG7V+VPhqFiE7BbliEoiYgj+h58sMw/DBZB:OK51smwSkB05awFVwE65Dt

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
