General
-
Target
source_prepared.exe
-
Size
80.2MB
-
Sample
240702-a2qfkszdpg
-
MD5
a0a2ccc0793c8f59fe4227fd1e0ec642
-
SHA1
add222942ee2e5d42b66574e5f01df5a72407f59
-
SHA256
9352be65deed9d57052c8f9d6d10628687b7ceae6ab5fe8f57e7ed30a0013a70
-
SHA512
fee1427305967e111e08f7965d74f73fe43df79b1d7aa4c27cf6d1a3b01629671808f08ca8994732ab5d4200177cb3f5ea8eb2bbf2d096feeadc3e10dc062f5e
-
SSDEEP
1572864:pvxZQgl0SSk8IpG7V+VPhqcPE7hlgkiYgj+h58sMwVWY99SFcJz7:pvxZxvSkB05awcSeu5BN9917
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-