General
-
Target
source_prepared.exe
-
Size
103.4MB
-
Sample
240703-ttfqystfql
-
MD5
d229c1003a271eb0acf3930d6f270ee8
-
SHA1
109b42af67d75a1db333e003b5f7cd3904fd973b
-
SHA256
5a7ff0435d4e197b9d7396be6c2bd8011ed84bf3d48c39039ac6ca837789bad5
-
SHA512
79cc97af753ab199b677a039b25e59f636995bc3bc8fd5f4c0dec1b093b8378b9c624f4e3c20de08e71fae048fd6d1d097022b923327e5e5e22e49967c4438fb
-
SSDEEP
3145728:An7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBW2D49U:gVBSWNa6sHCiH1XcBWl
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
103.4MB
-
MD5
d229c1003a271eb0acf3930d6f270ee8
-
SHA1
109b42af67d75a1db333e003b5f7cd3904fd973b
-
SHA256
5a7ff0435d4e197b9d7396be6c2bd8011ed84bf3d48c39039ac6ca837789bad5
-
SHA512
79cc97af753ab199b677a039b25e59f636995bc3bc8fd5f4c0dec1b093b8378b9c624f4e3c20de08e71fae048fd6d1d097022b923327e5e5e22e49967c4438fb
-
SSDEEP
3145728:An7pa8S6xjKcBa6c2qHO5iVY2nGQbRe0zJcBW2D49U:gVBSWNa6sHCiH1XcBWl
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-