General
-
Target
VirtualBox-7.1.6-167084-Win.exe
-
Size
117.3MB
-
Sample
250205-r4w5kssngm
-
MD5
8addd310d09249bc176c9c891aae41cb
-
SHA1
81212ad29642b2b261df42d25ccd23fe715914d1
-
SHA256
35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6
-
SHA512
b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77
-
SSDEEP
3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT
Malware Config
Targets
-
-
Target
VirtualBox-7.1.6-167084-Win.exe
-
Size
117.3MB
-
MD5
8addd310d09249bc176c9c891aae41cb
-
SHA1
81212ad29642b2b261df42d25ccd23fe715914d1
-
SHA256
35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6
-
SHA512
b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77
-
SSDEEP
3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT
Score8/10-
Drops file in Drivers directory
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-