General
-
Target
password_is_eulen.rar
-
Size
77.1MB
-
Sample
240707-fqpykawhnh
-
MD5
0f460fac31d9e23f746066088ad0827d
-
SHA1
ef35069656d7eed355088cfc3e62768e728d3e3f
-
SHA256
dc13012a416e33b2b35f2cc06e3a462371c1c522cc488b5e8c0ac400986cc7c2
-
SHA512
655e40d8ea3e7d6536f2ceb41b5b56e0c7410007188d5f7455c1818c530af3792868dcd6c8622b5ea4c142eb1717012f39a2e42c5738cf6e29808e720365e80b
-
SSDEEP
1572864:lF2IBCS/yY6p7v2iN5rvewmibmmaIt5F0wb:lF2OT/3q2iPrGw5bmmf3xb
Malware Config
Targets
-
-
Target
password_is_eulen.rar
-
Size
77.1MB
-
MD5
0f460fac31d9e23f746066088ad0827d
-
SHA1
ef35069656d7eed355088cfc3e62768e728d3e3f
-
SHA256
dc13012a416e33b2b35f2cc06e3a462371c1c522cc488b5e8c0ac400986cc7c2
-
SHA512
655e40d8ea3e7d6536f2ceb41b5b56e0c7410007188d5f7455c1818c530af3792868dcd6c8622b5ea4c142eb1717012f39a2e42c5738cf6e29808e720365e80b
-
SSDEEP
1572864:lF2IBCS/yY6p7v2iN5rvewmibmmaIt5F0wb:lF2OT/3q2iPrGw5bmmf3xb
Score3/10 -
-
-
Target
loader_prod.exe
-
Size
80.1MB
-
MD5
92477f30c4f27f6c625febd0a86e60fa
-
SHA1
14cb775fbecd206083e5156d618a15ec78da3978
-
SHA256
d5d71f6880c02d6f49acf97a1bc54b9d8f30ccb9ea7671498476e040e6aee49d
-
SHA512
e1328742a997b34657e7c89da744a7a42575d1ecac01d0ab95636d50377a7960e6d480ad797b11b5ada500b815b8d2b7a0aa175e6165290fcb247565b8d83e71
-
SSDEEP
1572864:xvxZQgl+Sk8IpG7V+VPhqWKUpE7JlguBiYgj+h58sMwxWS9hnXcJza:xvxZxESkB05awWKUYeuT5179hMa
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Virtualization/Sandbox Evasion
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1