Resubmissions

  • 03-02-2025 03:00  250203-dhlvtsxpey  10

  • 03-02-2025 00:30  250203-atj9latkgs  10

General

  • Target

    first.exe

  • Size

    84.9MB

  • Sample

    250203-dhlvtsxpey

  • MD5

    9c453a9712b9219abc49c8aaa6c5a6d5

  • SHA1

    6f84482f802b0ee48e59fe44da855b7e7ce7546e

  • SHA256

    71fee025e3825e8edd5b36132d504c8bd4ac384625c943e29119a8c09bbfac7a

  • SHA512

    df146bc2cd2e105fc9ab87c265403308abd84817f6c8b2261d40b84a78e42c38ba6f804588c932bd58a91b892ffb2d32844559947124b8bf4f53a36cf8247713

  • SSDEEP

    1572864:CTPGULSiukfhLhyPlzwnGKlbWjdsm/OkiqOv8im2AzJE74blicRVPw/:CTjLSiuIhLhy9cGKRcsm/OknOv8i3mHu

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks