General
-
Target
source_prepared.exe
-
Size
77.6MB
-
Sample
240630-vyak6s1ekc
-
MD5
127e99c610cef16fc3ab09de26a5c4b6
-
SHA1
91d11fbb7b878b97a7ed4dbdde6d9ef3e3407782
-
SHA256
81fb88560e1d8ed53a9ab97c2a12bff393b213c9e2b03ad1d8acdcd6e6c2e734
-
SHA512
e796c9afba42053cff390a8a3b0858a71eebf48d58afe1b98f9e654816a4ee71fa6072bca99b87cfcf078f6fc94408c44d813410d4f8d246c8f48f20b7b6145e
-
SSDEEP
1572864:TviEaVKM6Sk8IpG7V+VPhqQduXE7SVNO3iYweyJulZUdgyXWncrUFZvkOI:TvZal6SkB05awkuRbjpueXmjkOI
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
77.6MB
-
MD5
127e99c610cef16fc3ab09de26a5c4b6
-
SHA1
91d11fbb7b878b97a7ed4dbdde6d9ef3e3407782
-
SHA256
81fb88560e1d8ed53a9ab97c2a12bff393b213c9e2b03ad1d8acdcd6e6c2e734
-
SHA512
e796c9afba42053cff390a8a3b0858a71eebf48d58afe1b98f9e654816a4ee71fa6072bca99b87cfcf078f6fc94408c44d813410d4f8d246c8f48f20b7b6145e
-
SSDEEP
1572864:TviEaVKM6Sk8IpG7V+VPhqQduXE7SVNO3iYweyJulZUdgyXWncrUFZvkOI:TvZal6SkB05awkuRbjpueXmjkOI
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-