General

  • Target

    Client-built.exe

  • Size

    67.0MB

  • Sample

    231116-ymfjtsfa95

  • MD5

    e63d206de134c853fc237e03e98dac21

  • SHA1

    9ef0110adb6bba02d106d9611fc1de5b9e69808f

  • SHA256

    5ee66cd3a5198a6ee9c980aa4d2ce16b3149397133cfd228eae9a41fc7106a4e

  • SHA512

    ed0d7d4e0d270da5d3688f62362b516e562b5db63a76d39d288a32aac6fb9c3a301037ce19435f1412c91014d2e8f4c2539ba3a5281e9a8e2a46df8e18de58b2

  • SSDEEP

    1572864:VPnjqgtyq3zKCamxTztdQE7nD0C7yVQZ2qHWB75idb+e9fWHFtSVDa:VPnUqkmZ5dBDb2qHO5idCepS7Qa

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks