General
-
Target
source_prepared.exe
-
Size
80.9MB
-
Sample
240703-xvcmgavgmh
-
MD5
db3a687e23d257fb32f9ddc3321b1702
-
SHA1
deaf3c6a9a9837e2dba7abe896b7f1443f803fa4
-
SHA256
7898d62c128f2ad467ba4dc0717dc851c1ed4973189bebd30c05447aa9a31a04
-
SHA512
ce55c7ff36ae3a04160eaa3ce62c5d4dba546b31e6fc31a2d890f173ac765e67567c2ee59e1a6a58cb0c38de6b5df9edf025d43693a1dfa65ee5bdf2fa1eed3e
-
SSDEEP
1572864:4vxZQglgSk8IpG7V+VPhqYdfCE70lgLiYgj+h58sMwFWuWDxNwJk:4vxZxaSkB05awcfAeF55HM3
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
source_prepared.exe
-
Size
80.9MB
-
MD5
db3a687e23d257fb32f9ddc3321b1702
-
SHA1
deaf3c6a9a9837e2dba7abe896b7f1443f803fa4
-
SHA256
7898d62c128f2ad467ba4dc0717dc851c1ed4973189bebd30c05447aa9a31a04
-
SHA512
ce55c7ff36ae3a04160eaa3ce62c5d4dba546b31e6fc31a2d890f173ac765e67567c2ee59e1a6a58cb0c38de6b5df9edf025d43693a1dfa65ee5bdf2fa1eed3e
-
SSDEEP
1572864:4vxZQglgSk8IpG7V+VPhqYdfCE70lgLiYgj+h58sMwFWuWDxNwJk:4vxZxaSkB05awcfAeF55HM3
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1