General
- Target: BUILT.EXE
- Size: 8.2MB
- Sample: 240603-h6v6mahb25
- MD5: 1d657c176bc648b64b336af9bfba2434
- SHA1: 43dcabb06cbf349099048a037f05534406f192ac
- SHA256: 9e7db3f5baf0d3fcf4d7b300c5662298037c3b588912fc2a97458bfd7ca896dc
- SHA512: 58702c0cee021ef9d6ee2602d16ecdfffdedc4d992befe95bb99db9123a938c59c7403e26be24a47de26d0d1a878523f6318511c7e5e127a9007a0390cfd9bc6
- SSDEEP: 196608:KrFqyI5EurErvI9pWjgaAnajMsbSEo23fQC//OoLxhH:kSEurEUWjJjIfoo4jLxhH
Behavioral task
behavioral1
Sample
BUILT.exe
Resource
win7-20240221-en
Malware Config
Targets
- Target: BUILT.EXE
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.