General
-
Target
c7d2b2f8d7ca7c18b8897dcb0385f8b0.bin
-
Size
80.7MB
-
Sample
240701-dznqravdkd
-
MD5
c7d2b2f8d7ca7c18b8897dcb0385f8b0
-
SHA1
2d09ebdb52daf7966983ccfe0852eb96b3347d65
-
SHA256
ae36cc8af7662891be321dc534caae678990f5d0c91415c3baaa8301e34958a5
-
SHA512
5fe22bc443072d3b7e08bacb2d5eef7e3cb8ac70ee290a749619cf9e1777b4f003f60bc40ec0530c6300ab441b4affbe0ba0249c98d10effe0857cc166b5de91
-
SSDEEP
1572864:GvNBYQglkySk8IpG7V+VPhqQdSiE70lg3iYgj+h58sMwAWXrDxNwJk:GvNBYxvSkB05awkSgeJ50K/3
Malware Config
Targets
-
-
Target
c7d2b2f8d7ca7c18b8897dcb0385f8b0.bin
-
Size
80.7MB
-
MD5
c7d2b2f8d7ca7c18b8897dcb0385f8b0
-
SHA1
2d09ebdb52daf7966983ccfe0852eb96b3347d65
-
SHA256
ae36cc8af7662891be321dc534caae678990f5d0c91415c3baaa8301e34958a5
-
SHA512
5fe22bc443072d3b7e08bacb2d5eef7e3cb8ac70ee290a749619cf9e1777b4f003f60bc40ec0530c6300ab441b4affbe0ba0249c98d10effe0857cc166b5de91
-
SSDEEP
1572864:GvNBYQglkySk8IpG7V+VPhqQdSiE70lg3iYgj+h58sMwAWXrDxNwJk:GvNBYxvSkB05awkSgeJ50K/3
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-