General
-
Target
source_prepared.exe
-
Size
102.7MB
-
Sample
240703-hevqsa1gmh
-
MD5
9af65fb0ad62ffb42a2eee3f8fb47107
-
SHA1
b6ef71153aa107d346173dba4bfade7f697b3dbf
-
SHA256
9fa682348b61f5752d171d67d5b98d16425c163565502e6c2400bcbe742c11e3
-
SHA512
b714c85dbc7f3469b4f6f5013af4f486664806b5aedaf2ba266cabb5290e4de93e3ede2cdd70da2635bf7705328c1d588d2c9972fb4a029fe049cefdafa289ce
-
SSDEEP
3145728:bn7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBWeD49U:7VBSWNa6sHCiH1XcBWt
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
source_prepared.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-