General
Target: source_prepared.exe
Size: 107.5MB
Sample: 240703-c1bxxaxcnp
MD5: ce7e3967cbebee2813bf0f2ba3c8d26b
SHA1: 1e44ceb10b55bf0f948d1ab9fa1d6fcaf4dc97a6
SHA256: 9ebe6af6e7151e2b8570753a04eb24745fb40f4b4d548d5c8c8ef55efb27bd0f
SHA512: 8be40859dd7687502a389f51f0fe35a40a02b62055d12876622abb7cd49a100b9d1596c3a3086528a6cbedc8d036eedbaada06197797510b5d166105172bb7b5
SSDEEP: 3145728:ZK7paiS6xjKcBa6R2qHO5izBVnG0iWMstB2Ox0vM3:YVjSWNa6HHCittieBm
Behavioral task: behavioral1
Sample: source_prepared.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: source_prepared.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: source_prepared.exe
Score: 9/10
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2