General
-
Target
RoFix.exe
-
Size
35.5MB
-
Sample
250121-cbt27azpfj
-
MD5
c685da925e0d4cd81253fc2a862bcacd
-
SHA1
524fb7ceb23455fba9a1178227df36c63649cd17
-
SHA256
f33f4b5d2ec9e421f0d5b2b9f70b2caef04f24f3188e5198933cbbd3c487daa6
-
SHA512
5cd7381fb350037ed0b2fddd6dfc90dfcbb6129fc9ca38435301ecf886b240b61b4f75f48e5f7821c111ce698052eff937a24ec40dd34764a7f68d91e70919ff
-
SSDEEP
786432:T6VjlxwW8bKLXm1NwO8zcY876MlXRXuBBjWx8vWnWGmVtRJ8rn2k:eVjlCWK2XmwlE71lh+BBy7njQtzMn
Behavioral task
behavioral1
Sample
RoFix.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RoFix.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
RoFix.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-