General

  • Target

    BUILT.EXE

  • Size

    8.2MB

  • Sample

    240603-h6v6mahb25

  • MD5

    1d657c176bc648b64b336af9bfba2434

  • SHA1

    43dcabb06cbf349099048a037f05534406f192ac

  • SHA256

    9e7db3f5baf0d3fcf4d7b300c5662298037c3b588912fc2a97458bfd7ca896dc

  • SHA512

    58702c0cee021ef9d6ee2602d16ecdfffdedc4d992befe95bb99db9123a938c59c7403e26be24a47de26d0d1a878523f6318511c7e5e127a9007a0390cfd9bc6

  • SSDEEP

    196608:KrFqyI5EurErvI9pWjgaAnajMsbSEo23fQC//OoLxhH:kSEurEUWjJjIfoo4jLxhH

Malware Config

Targets

    • Target

      BUILT.EXE


    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks