General

  • Target

    Built.exe

  • Size

    17.0MB

  • Sample

    240530-zzapsabb48

  • MD5

    e298f85d08856f8cff01346df98331d9

  • SHA1

    b3e6194d27e46102b0d2e338a39c08e385b59830

  • SHA256

    98367134abaa4e5c12d7f768e3127d90c754bfe31081dc6e26d8fb60d7f117a5

  • SHA512

    fb7bdae3b6d301cdee5eb7752f39b6dad1f1bb0e67f67b2e62a639082844d2cbac14900f3881953f7f851303e19a077f295e9832bbf33225910b9239c5ecd3ac

  • SSDEEP

    196608:YraZ0dAeNTfm/pf+xk4dWRGtrbWOjgWyV:my/pWu4kRGtrbvMWyV

Malware Config

Targets

    • Target

      Built.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the dropped components are no longer scanned.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, session cookies and autofill data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP-lookup web service to discover the infected system's external IP address.
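The PowerShell signature above (Defender exclusions added through Add-MpPreference or Set-MpPreference) is the most directly detectable behaviour in this report. The following is an added example, not part of the report or of the sandbox's own rules: it runs the detection logic over PowerShell script-block logging events (Microsoft-Windows-PowerShell/Operational, Event ID 4104). The events are constructed for the example; the cmdlet and parameter names are the real Windows Defender ones. It matches case-insensitively and on the "-Exclusion" stem rather than the full parameter name, because PowerShell accepts any unambiguous parameter prefix (e.g. "-exclusionproc" for -ExclusionProcess), which a literal match would miss.

```python
import re

# Constructed sample events in the shape of PowerShell script-block logging
# (Event ID 4104). Made up for this example, not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "WS01", "ScriptBlockText":
        'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\Libraries" -ExclusionExtension ".exe",".dll"'},
    {"EventID": 4104, "Computer": "WS01", "ScriptBlockText":
        "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"EventID": 4104, "Computer": "WS02", "ScriptBlockText":
        "Get-ChildItem C:\\Windows\\Temp | Sort-Object Length"},
    # Parameter-prefix abbreviation and lower case: PowerShell accepts any
    # unambiguous prefix, so '-exclusionproc' means -ExclusionProcess.
    {"EventID": 4104, "Computer": "WS03", "ScriptBlockText":
        "add-mppreference -exclusionproc Built.exe"},
    # Different event ID (module logging); not a script block, ignored.
    {"EventID": 4103, "Computer": "WS03", "ScriptBlockText":
        "Add-MpPreference -ExclusionPath C:\\ignored"},
]

# Cmdlets that change Defender preferences ...
MP_CMDLET = re.compile(r"\b(add|set)-mppreference\b", re.IGNORECASE)
# ... and the exclusion parameter family. '-exclusion\w*' covers -ExclusionPath,
# -ExclusionExtension, -ExclusionProcess and any accepted prefix of them. The
# value runs up to the next ' -Parameter' token or the end of the script block.
EXCLUSION_PARAM = re.compile(r"-(exclusion\w*)\s+(.*?)(?=\s+-\w|$)", re.IGNORECASE)


def split_values(raw: str) -> list:
    """Turn a PowerShell argument list like '".exe",".dll"' into plain strings."""
    return [v.strip().strip("\"'") for v in raw.split(",") if v.strip()]


def find_defender_exclusion_tampering(events) -> list:
    """Return one finding per exclusion parameter seen in a 4104 script block
    that invokes Add-MpPreference / Set-MpPreference."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        text = ev.get("ScriptBlockText", "")
        if not MP_CMDLET.search(text):
            continue
        for m in EXCLUSION_PARAM.finditer(text):
            findings.append({
                "host": ev.get("Computer"),
                "parameter": m.group(1),
                "values": split_values(m.group(2)),
                "script": text,
            })
    return findings


if __name__ == "__main__":
    for f in find_defender_exclusion_tampering(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['parameter']} -> {f['values']}")
```

The -DisableRealtimeMonitoring event deliberately produces no finding here; a sibling rule on the same cmdlets' -Disable* switches is the natural companion. Because exclusions can also be set through WMI or the registry, Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log ("antimalware platform configuration changed") is worth correlating, since it fires regardless of how the change was made.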
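The "UPX packed file" signature above is a static check. As an added example (not the sandbox's rule and not code from the report), the following walks a PE section table by hand and looks for the two indicators such a rule typically keys on: the default UPX section names (UPX0, UPX1, UPX2) and the "UPX!" packer-header magic. The PE buffers are constructed in the example itself and are not real executables. The offsets used are those of the PE/COFF format (e_lfanew at 0x3C, a 20-byte COFF header, 40-byte section headers).

```python
import struct
from typing import List, Optional

# Default section names written by an unmodified UPX build. Modified UPX builds
# often rename them, which is why the magic string is checked as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"   # marker UPX leaves in its packer info header


def pe_section_names(data: bytes) -> Optional[List[bytes]]:
    """Return the NUL-stripped section names of a PE image, or None if the
    buffer does not start with a well-formed MZ/PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte "PE\0\0" signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (size_of_optional,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + size_of_optional
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            break                     # truncated section table: stop, don't read past the end
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    names = pe_section_names(data)
    return {
        "is_pe": names is not None,
        "upx_sections": [n.decode("ascii", "replace") for n in (names or []) if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    """Verdict: a PE with at least two UPX-named sections, or any UPX magic."""
    ind = upx_indicators(data)
    return ind["is_pe"] and (len(ind["upx_sections"]) >= 2 or ind["upx_magic"])


def build_fake_pe(section_names: List[bytes], payload: bytes = b"") -> bytes:
    """Construct a minimal PE-shaped buffer for testing (NOT a runnable executable):
    MZ stub, e_lfanew, PE signature, COFF header, zeroed optional header,
    one 40-byte section header per name, then the payload."""
    e_lfanew, size_of_optional = 0x80, 0xF0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, size_of_optional, 0x22)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_of_optional + sections + payload


if __name__ == "__main__":
    sample = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], b"\0" * 16 + UPX_MAGIC)
    print(upx_indicators(sample), looks_upx_packed(sample))
```

Both indicators are trivially removable by a modified UPX build (renamed sections, patched magic), so on their own they are a weak signal; a per-section entropy check on the sections mapped with execute permission is the usual stronger companion, and the sandbox's wording "UPX/modified UPX" suggests its own rule is not relying on names alone.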

MITRE ATT&CK Enterprise v15

Tasks