General
Target: ElectronBeta.exe
Size: 76.4MB
Sample: 240701-g9lwpa1glr
MD5: 3bbd633078dd331046c758d925fcb24e
SHA1: 75b5b53ef42803ab530e60e17e1cb8a0ca60b59b
SHA256: bcec7cc976d0b720abb55fb944ad9dde194b4996445421c21e294946368c3c3a
SHA512: 40765c483910d97d111aa022ca929d80ca21070a322cd4225914a2e2afaa57b81f2f7d829ee8128e61badbf5a2740e0caa8e992a254fdfc9ebab537ec98782ff
SSDEEP: 1572864:UviEKlRSk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW4gjKusla/Z9U:UvZKTSkB05awcfhdCpukdRUDX9U
Behavioral task: behavioral1
Sample: ElectronBeta.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: ElectronBeta.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: ElectronBeta.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Defense Evasion
  Virtualization/Sandbox Evasion: 1
  Hide Artifacts: 2
    Hidden Files and Directories: 2
  Modify Registry: 1