Analysis

max time kernel: 21s
max time network: 42s
platform: windows10_x64
resource: win10v20201028
submitted: 06-01-2021 17:56

Static task: static1
Behavioral task: behavioral1
Sample: Build.exe
Resource: win7v20201028
0 signatures, 0 seconds
General

Target: Build.exe
Size: 533KB
MD5: be064c1864b02feab6d41ed1a0ecf2a0
SHA1: be285923433bbd32e8c896bb71910180a15cf61f
SHA256: d2b4d092f178023c22ec781d1ead02de46a5b5b159cc1930220e44d9f1168225
SHA512: 4aad663524f7f012c438940040b2a3c0a9e552b5a64306827cb3deb642cacae54ca62a70fa9b2261681f14dfd67feb07eb80e6196b320d8b400f45aa303cb40c
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
    flow | ioc
    6    | api.ipify.org
    7    | api.ipify.org
- Suspicious use of NtSetInformationThreadHideFromDebugger (14 IoCs)
  Processes:
    pid | process
    972 | Build.exe (14 occurrences)
- Suspicious behavior: EnumeratesProcesses (21 IoCs)
  Processes:
    pid | process
    972 | Build.exe (21 occurrences)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description              | pid | process
    Token: SeDebugPrivilege  | 972 | Build.exe
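The signatures above are produced by matching process telemetry (DNS queries, registry reads, native API calls, token adjustments) against behaviour rules. The following Python is an added example, not the sandbox's own matching code or anything shipped with the report: it reproduces the same classification over a constructed event list. The event dictionary layout, the field names, the sample events (which mimic pid 972 from the report) and the extra IP-lookup hostnames and browser profile paths are all assumptions made for illustration; the information class value 0x11 for ThreadHideFromDebugger is the documented THREADINFOCLASS value.

```python
"""Map sandbox-style process events onto the behaviour signatures in the report.

Added example; the event schema and sample events below are constructed for
illustration and are not the sandbox's own format or data.
"""
from collections import Counter, defaultdict

# Public IP-lookup hostnames. api.ipify.org is the one in the report; the
# other two are assumed additions so the check generalises beyond one host.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com"}

# Registry path fragment whose enumeration reveals installed software.
UNINSTALL_KEY_FRAGMENT = r"\Microsoft\Windows\CurrentVersion\Uninstall".lower()

# THREADINFOCLASS value for ThreadHideFromDebugger (0x11 = 17).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# API names typically seen when a process walks the process list.
PROCESS_ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32First",
                     "Process32Next", "NtQuerySystemInformation"}

# Browser profile locations commonly read by infostealers (assumed paths).
BROWSER_DATA_FRAGMENTS = (r"\Google\Chrome\User Data".lower(),
                          r"\Mozilla\Firefox\Profiles".lower())


def classify(events):
    """Return (Counter of signature -> IoC count, dict of signature -> set of pids)."""
    hits = Counter()
    pids = defaultdict(set)

    def hit(name, pid):
        hits[name] += 1
        pids[name].add(pid)

    for ev in events:
        t, pid = ev["type"], ev["pid"]
        if t == "dns" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hit("Looks up external IP address via web service", pid)
        elif t == "registry" and UNINSTALL_KEY_FRAGMENT in ev["key"].lower():
            hit("Checks installed software on the system", pid)
        elif (t == "api" and ev["name"] == "NtSetInformationThread"
              and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", pid)
        elif t == "api" and ev["name"] in PROCESS_ENUM_APIS:
            hit("Suspicious behavior: EnumeratesProcesses", pid)
        elif t == "token" and ev["privilege"] == "SeDebugPrivilege":
            hit("Suspicious use of AdjustPrivilegeToken", pid)
        elif t == "file" and any(f in ev["path"].lower() for f in BROWSER_DATA_FRAGMENTS):
            hit("Reads user/profile data of web browsers", pid)
    return hits, pids


# Constructed events imitating the report's pid 972; not real sandbox output.
SAMPLE_EVENTS = [
    {"type": "api", "pid": 972, "name": "NtSetInformationThread", "info_class": 0x11},
    {"type": "api", "pid": 972, "name": "NtSetInformationThread", "info_class": 0x11},
    # A different information class (ThreadPriority = 2): not an anti-debug call.
    {"type": "api", "pid": 972, "name": "NtSetInformationThread", "info_class": 0x2},
    {"type": "api", "pid": 972, "name": "CreateToolhelp32Snapshot"},
    {"type": "api", "pid": 972, "name": "Process32First"},
    {"type": "api", "pid": 972, "name": "Process32Next"},
    {"type": "registry", "pid": 972,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "dns", "pid": 972, "host": "api.ipify.org"},
    {"type": "dns", "pid": 972, "host": "api.ipify.org"},
    {"type": "dns", "pid": 972, "host": "www.microsoft.com"},  # benign, not counted
    {"type": "token", "pid": 972, "privilege": "SeDebugPrivilege"},
    {"type": "file", "pid": 972,
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]


def report_lines(events):
    """Render signature lines in the same 'name N IoCs' style as the report."""
    hits, pids = classify(events)
    return [f"{name} {count} IoCs (pid {', '.join(map(str, sorted(pids[name])))})"
            for name, count in hits.most_common()]


if __name__ == "__main__":
    for line in report_lines(SAMPLE_EVENTS):
        print(line)
```

The rule order matters: the NtSetInformationThread check tests the information class explicitly, so other uses of that API (the ThreadPriority event in the sample) are not counted as anti-debugging. When adapting this to real telemetry, map your sensor's field names onto the assumed keys rather than trusting the constructed schema.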