General
-
Target
source_prepared.exe
-
Size
82.7MB
-
Sample
250412-22kzmssrs3
-
MD5
fe6e5b5520bb0f21c4e5084cdd335a69
-
SHA1
66180b59a885f4afbaa4107898325fc72acfe7d9
-
SHA256
5a8eccd2d5899d09cc119f81c28b3dfc0b75fe08c04a24fe39939e1375f0e600
-
SHA512
630a2e5299849dbada7258bc788224d3efbcb982459728c4bff0fa1c4133744cdc8d17c93a53330e18d907f5a3bdfd2bd7896c800cb9bb7034657907147868e4
-
SSDEEP
1572864:DtIupujKzlUWpRnPuOkiqOv8im2A60E7WgFlKwKiY4MHHLeqPNLtDdtSXyZZm0r:6YJmin2OknOv8i35ggFM4MHVLtBAyR
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20250410-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-