General
Target: PyExec.exe
Size: 80.3MB
Sample: 240702-sqr45ssfrr
MD5: 6725557b568615d013ea051919ba5d72
SHA1: 668d038234ab3a3c364ab7ea052e13ed04d6c47a
SHA256: a43eefc2de7a9730ff46135d8f98f0b646ad2a3aefd27958bc00fb13747d62a3
SHA512: c09a7a0d101b12134573df692f35125744db26e0263a38993e5c449a7f288474b6dad28ee0223126b96fb5227603324ce078ef95c9bdae5b6b15b45cfbaa5fce
SSDEEP: 1572864:kvxZQglZSSk8IpG7V+VPhq+EE7hlgDiYgj+h58sMwoW399SFcJz7:kvxZx2SkB05aw+veN58y9917
Behavioral task: behavioral1
Sample: PyExec.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: PyExec.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: PyExec.exe
Score: 9/10
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2