General

  • Target

    Built.exe

  • Size

    8.1MB

  • Sample

    240624-g26wwssenm

  • MD5

    469f382e84c16fa52e7c1038f144b014

  • SHA1

    edf1b38b56032e323b9d4931a8f3b195bce437b4

  • SHA256

    73f6339753750f1c66b790cfdcfe5716aa3c96f4c4b65926929e2617e2feda1f

  • SHA512

    02c94db86e8148f274bb1009630ded4a5547b22bf2adcaae428aa1e31d340c55d90a6b447b87bd63d3ff653dc664507bc751755642647b3d3a74c446f6b51801

  • SSDEEP

    196608:qrpd8PzCCLjv+bhqNVoB0SEsucQZ41JBMSE+IP11tJv:g8PzBL+9qz80SJHQK1J/y1vJv

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks