General
Target: Built.exe
Size: 5.9MB
Sample: 240531-yw8lzabf3y
MD5: eb93692b6e6ee191b426bd0f5cc4d285
SHA1: 06b9b6b99145d62c34a154e5ba6f5ba99bbb3661
SHA256: d1cbeb3dcc30ecce0a6f032ac68e3fc1b75812fdc6aa48c3221443d25a3c7fa4
SHA512: 3f1d302999dda0529371711ca6665e4578572dc430a7e3483623a5a0790f45ccd5283f08f4346e82fb6555ba385dc8ca8ba9dc8a350968c3a9a2aedaf2c87ec5
SSDEEP: 98304:mrwv+WCHT8i65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFj9h6krJ5Q:mrwmruDOYjJlpZstQoS9Hf12VKX4b6Ck
Behavioral task: behavioral1
Sample: Built.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: Built.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.