General
-
Target
source_prepared.exe
-
Size
76.5MB
-
Sample
240702-nvdp4azhph
-
MD5
7f3285b3f30c6affce7898e1fb473365
-
SHA1
0a274799150d1174356c3cc54fb24f1459174caa
-
SHA256
15a5a114b7b23cf243e11aeeb57f92e3add52ee82f5f4efcfdef5eaedb89e090
-
SHA512
89f3601de70658f4322c2d5ee9e3fbe7ac1f42ff2c6d9ae512074cc4e67bc846a7596b4726bb7d293e3df64c560703a391a9f76e66fb2a1f11abae81e0a8bf99
-
SSDEEP
1572864:7vHcRlXSk8IpG7V+VPhqb+TTE7HlHTdiYweyJulZUdgcMWhZ+XZvkOu:7vHcRJSkB05awb+T0dmpuIMgUkOu
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
76.5MB
-
MD5
7f3285b3f30c6affce7898e1fb473365
-
SHA1
0a274799150d1174356c3cc54fb24f1459174caa
-
SHA256
15a5a114b7b23cf243e11aeeb57f92e3add52ee82f5f4efcfdef5eaedb89e090
-
SHA512
89f3601de70658f4322c2d5ee9e3fbe7ac1f42ff2c6d9ae512074cc4e67bc846a7596b4726bb7d293e3df64c560703a391a9f76e66fb2a1f11abae81e0a8bf99
-
SSDEEP
1572864:7vHcRlXSk8IpG7V+VPhqb+TTE7HlHTdiYweyJulZUdgcMWhZ+XZvkOu:7vHcRJSkB05awb+T0dmpuIMgUkOu
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-