General
-
Target
ay.exe
-
Size
74.5MB
-
Sample
240705-z2fntaybqg
-
MD5
6da7f3cca2aadc93c577ae09701cb002
-
SHA1
16d0b3bcefae5dafafb6d8455fa605670c1d4729
-
SHA256
e338531b37813a27078ecd286adc4fa0f0b1542b9c6cbe7caa2b5583650258d0
-
SHA512
d6a15926acabb58edd293006ad12ccec1d03e963235d46f36737c3fa5b36d37ea7ae301e73a24229b6c8cb80304a7abe92e8a46479f101ef9cd134a176fe6556
-
SSDEEP
1572864:Bvl9Q1lAkN56ISk8IpG7V+VPhqzFE7gslQcCiYKrhbOoAkWWw94kHlIdKWXlQ:Bvl925rSkB05awz7sKerFoHp4kHadKWe
Malware Config
Targets
-
-
Target
ay.exe
-
Size
74.5MB
-
MD5
6da7f3cca2aadc93c577ae09701cb002
-
SHA1
16d0b3bcefae5dafafb6d8455fa605670c1d4729
-
SHA256
e338531b37813a27078ecd286adc4fa0f0b1542b9c6cbe7caa2b5583650258d0
-
SHA512
d6a15926acabb58edd293006ad12ccec1d03e963235d46f36737c3fa5b36d37ea7ae301e73a24229b6c8cb80304a7abe92e8a46479f101ef9cd134a176fe6556
-
SSDEEP
1572864:Bvl9Q1lAkN56ISk8IpG7V+VPhqzFE7gslQcCiYKrhbOoAkWWw94kHlIdKWXlQ:Bvl925rSkB05awz7sKerFoHp4kHadKWe
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-