General
-
Target
photos.exe
-
Size
78.5MB
-
Sample
250112-lcla4syndr
-
MD5
a4c9a785c0e51be1eba029f03947d108
-
SHA1
9141272123df990f6b0462a13d4b2d2a8a133c17
-
SHA256
122c37ee120e2429eb8e348ab8b30124ed0f9ca295ffd9aec8423932a251702e
-
SHA512
390b8422a81d758d021eb19457bb08e70f34722b8179d29104528b54665a416ecbd3de5a1623253d6cfeccbe9194e048a87f48b706209b6e52eb0bee355197d0
-
SSDEEP
1572864:OHl4WLxMsmwSk8IpG7V+VPhq9AE7eliPiYgj+h58sMwSe37z1cJLRK:OHO6MsmwSkB05aw98wx5Oe37YR
Behavioral task
behavioral1
Sample
photos.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
photos.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-