General
-
Target
Neva Tag PCVR Fixed AGAIN! - Neva () Unity 7784321236755 ID UNITY TOKEN.zip
-
Size
76.1MB
-
Sample
240630-1dn6qazbjk
-
MD5
f30b3893ecb0a527058b446c748888f1
-
SHA1
b2a61f40195363ba1f9be2590f72180f31cff0a0
-
SHA256
fb85c4c74118f9b41bc668015bfb1345d89f3582ffcf359afe35705594c744b9
-
SHA512
0bda027d0eae6cafa6af1e8b15e69d3c905891fcef8862e357e4c037fd9833e046875274d45a77312174d3b4936a9455e53845907deddb284f7f77b31a69220c
-
SSDEEP
1572864:KHu2oTJsmw0vyX5AfZ/08bBOoP6x9V75WIwoLo3xgTs84olB519huF9+C:KHRolsmnKpWMIBeDJNoI4oXzA9+C
Malware Config
Targets
-
-
Target
Neva Tag PCVR Fixed AGAIN! - Neva () Unity 7784321236755 ID UNITY TOKEN/Neva Tag PCVR Fixed AGAIN! - Neva () Unity 7784321236755 ID UNITY TOKEN.exe
-
Size
76.5MB
-
MD5
00f1e4349a847c6e8da251d68449cfb8
-
SHA1
f3769a57dab841bf4feb07d77937db5b7a378fcb
-
SHA256
183bcf9bcb41cca21a6290fb8c36b3936acb557bf07120507b4fefd5ae0177f8
-
SHA512
0a36e573915b83b35166a572f95adb2f1bd755e75247b65c5a32a596c44b18466115ac87c5de59c9d5e594455d1674a333d0cbbe06b70641d245741a1c443e5c
-
SSDEEP
1572864:aviEKlRSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW41jtuslE/Z9U:avZKTSkB05awcfhdCpukdRBAZ9U
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-