Overview
overview
10Static
static
10Built.exe
windows10-1703-x64
10Built.exe
windows10-1703-x64
10Built.exe
windows7-x64
7Built.exe
windows10-2004-x64
8Built.exe
windows11-21h2-x64
8�@�~bi].pyc
windows7-x64
�@�~bi].pyc
windows10-1703-x64
�@�~bi].pyc
windows7-x64
�@�~bi].pyc
windows10-2004-x64
�@�~bi].pyc
windows11-21h2-x64
General
-
Target
Built.exe
-
Size
500.0MB
-
Sample
240530-tctw9aeg62
-
MD5
501b3ca374661590174a7edd0aa8c22c
-
SHA1
0edc4213001bafd06867ac49d3796bc1156a08e5
-
SHA256
461f243bca918989eb94628ab2a103a9e7d5f4b49efbaa1f92fce8b5e8978c0b
-
SHA512
7a91448a3d33af5a0898e6d60f6341c903a9cb01921a7d0eb19f34bcc750c4878f54be510aa0dc654652f17331d235c35b32a75bfe251070f561a7b22901ba69
-
SSDEEP
196608:NrM60tOeNTfm/pf+xk4dWRGtrbWOjgWy7:sy/pWu4kRGtrbvMWy7
Behavioral task
behavioral1
Sample
Built.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Built.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Built.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Built.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Built.exe
Resource
win11-20240508-en
Behavioral task
behavioral6
Sample
�@�~bi].pyc
Resource
win7-20240221-en
Behavioral task
behavioral7
Sample
�@�~bi].pyc
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
�@�~bi].pyc
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
�@�~bi].pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
�@�~bi].pyc
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
Built.exe
-
Size
500.0MB
-
MD5
501b3ca374661590174a7edd0aa8c22c
-
SHA1
0edc4213001bafd06867ac49d3796bc1156a08e5
-
SHA256
461f243bca918989eb94628ab2a103a9e7d5f4b49efbaa1f92fce8b5e8978c0b
-
SHA512
7a91448a3d33af5a0898e6d60f6341c903a9cb01921a7d0eb19f34bcc750c4878f54be510aa0dc654652f17331d235c35b32a75bfe251070f561a7b22901ba69
-
SSDEEP
196608:NrM60tOeNTfm/pf+xk4dWRGtrbWOjgWy7:sy/pWu4kRGtrbvMWy7
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
�@�~bi].pyc
-
Size
1KB
-
MD5
edd3cb4c0ed45cd10c53487a03042bf5
-
SHA1
4061ba2a4ddbf81798c018a028bbffcd61fe1c5a
-
SHA256
48b07e0da7df8a338578180f386bf29aaeeb8e6832a085991572dffaa4b007f7
-
SHA512
50a5ca2ed1271d8a0958ccae21bab4d99c4db6013c30af6deb6d0faa1cc547c77bd57d526641b007cc161f5254782e3d81bb9e7ae048953559611b9e010a9e8a
Score1/10 -