General

  • Target

    Built.exe

  • Size

    6.6MB

  • Sample

    240624-yebwnssfjj

  • MD5

    c1807146b778db28f14239c36c608281

  • SHA1

    51051e8a04cdb1575ba9cde6be5a90fed6d29d58

  • SHA256

    ddc27d17ab950fe4f2410539200be4f09db52c489cc7dc0e2de70f5e4ec5ceaa

  • SHA512

    a41c43d171f55c5b2a41eb9595f3e374ccc74167b0edee77387a0eb3f742ef426cde69dccb50dea2b205e477866ba311c6fc6c1cc094da72a208068f127365da

  • SSDEEP

    98304:/kv9lwCqdi65sn6Wfz7pnxCMJk1JTxuZ3zEgyODSpXqPRyn36iI0krZb4pnNCLKX:/LPDOYMJeJT444SEon36T0Conc+X

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.6MB

    • MD5

      c1807146b778db28f14239c36c608281

    • SHA1

      51051e8a04cdb1575ba9cde6be5a90fed6d29d58

    • SHA256

      ddc27d17ab950fe4f2410539200be4f09db52c489cc7dc0e2de70f5e4ec5ceaa

    • SHA512

      a41c43d171f55c5b2a41eb9595f3e374ccc74167b0edee77387a0eb3f742ef426cde69dccb50dea2b205e477866ba311c6fc6c1cc094da72a208068f127365da

    • SSDEEP

      98304:/kv9lwCqdi65sn6Wfz7pnxCMJk1JTxuZ3zEgyODSpXqPRyn36iI0krZb4pnNCLKX:/LPDOYMJeJT444SEon36T0Conc+X

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      �O�b�h:.pyc

    • Size

      857B

    • MD5

      3c1cd68d70d4bafd53d5b6b29d1219f0

    • SHA1

      02811790eb212cbe9942940b6b48e1c88032b064

    • SHA256

      714a5f9c51c834e481b70f9fc21b94d536ad34312dfb16659fc7407702f921c3

    • SHA512

      6d038c0425af760a1d106d7e132cc5ae5273bdd9ffc316bb959f7e76aeadc7c4294bfb1d68abcc2a5662ed2662fc4e0131df687118eda4e049cb7d3fdb99674b

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks