Overview

overview

10

Static

static

10

source_prepared.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    43.6MB

  • Sample

    250102-tmkrbsxpa1

  • MD5

    028ee153ee95f488838dedf67617f82b

  • SHA1

    a98ac5480c8020c28600dc53468c57ceb3b384a2

  • SHA256

    aec50782c53887f5ba0eb2cef1708e0ab4a2521dd07cc89f751d167de3071ccf

  • SHA512

    546242939ec77c82e25306e2e3f8055216b23eb0a735dff53ff707f3c2c30b33a6bba7fa38e45eca9957cf8819c12921e4fc3e58564d8af9f9facb36fc116926

  • SSDEEP

    786432:t9Yidhp3OEVl8ZFW8qNuwq3ObRqza1QtIX02j6+s7LWB75zuXVgxCuA1KsMrSNm9:t9JxSFWhu3CRsmiIk2qHWB75ilZZ8QN8

Score
10/10
pysilonevasionexecutionpersistencepyinstaller

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      43.6MB

    • MD5

      028ee153ee95f488838dedf67617f82b

    • SHA1

      a98ac5480c8020c28600dc53468c57ceb3b384a2

    • SHA256

      aec50782c53887f5ba0eb2cef1708e0ab4a2521dd07cc89f751d167de3071ccf

    • SHA512

      546242939ec77c82e25306e2e3f8055216b23eb0a735dff53ff707f3c2c30b33a6bba7fa38e45eca9957cf8819c12921e4fc3e58564d8af9f9facb36fc116926

    • SSDEEP

      786432:t9Yidhp3OEVl8ZFW8qNuwq3ObRqza1QtIX02j6+s7LWB75zuXVgxCuA1KsMrSNm9:t9JxSFWhu3CRsmiIk2qHWB75ilZZ8QN8

    Score
    9/10
    evasionexecutionpersistencepyinstaller

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks