General

Target: DIDDY.exe
Size: 75.4MB
Sample: 240704-1p3hgstbjf
MD5: 71fa5e05dbb785dc82ed7623d5aa7614
SHA1: e5cd78249d87b2b2a8f8d9a8071bf907a8d2bb86
SHA256: 4c260966a4ec1f7b53cd4802b66f14db5e5ebd657bb327c68522f67d345c7e5f
SHA512: 6dff154ee19df4772a0b6f905f54d4d2445840f5bd56428a451bf14155fe460d9c029e7d765a00bc515911874a6420ec590353df1e5a900619698a4087226aec
SSDEEP: 1572864:UvhQ6l8LSk8IpG7V+VPhqIbE7WTylPj4iY4MHHLeqPNLtDaSWtvZLkI9Q:Uvh1iLSkB05awIxTy5nMHVLteSkWIa

Behavioral task: behavioral1

Sample: DIDDY.exe
Resource: win11-20240704-en

Malware Config
Targets

Target: DIDDY.exe
Size: 75.4MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 9/10

Signatures:
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation:
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1

Defense Evasion:
- Virtualization/Sandbox Evasion: 1
- Hide Artifacts: 2
- Hidden Files and Directories: 2
- Modify Registry: 1