General
Target: source_prepared.exe
Size: 103.3MB
Sample: 240702-qptv8sycjm
MD5: 35833ea5312bb2ae71425361e949e10e
SHA1: 5155b7ba16fbd35cc2b34c5593acc215dc914e19
SHA256: d18a002f71ef847add3737b791e1d8145d7e8bd35bc252f3e954b538bb39ed7e
SHA512: 79e670e3bad7b44262b36ebfd4860a831af027391f11ae5ef0e62c59d4a5f0a3821d7ea82442574e25bb74b64eab178a71e7ffad812f2e331a49772d3322b32e
SSDEEP: 3145728:3n7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBWnA49U:XVBSWNa6sHCiH1XcBWZ
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: source_prepared.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2