General
- Target: Built.exe
- Size: 6.9MB
- Sample: 240628-jfjwca1bll
- MD5: 8aa033b51d016f421a32b7d6d3605bdc
- SHA1: 1ae6b754350bb41ee83ae9b77e2cdbc44fef56f1
- SHA256: 1048987b04b4dc575f1e506bb09c6525042f88e30cf71abe6c2488ab671e8147
- SHA512: 00277def7bae17178a264deb29192f611cbcb06a3a89cd87125b2b31241082471d25a9acdd4b470e79592e69ee8df7183d495a95e6cdc4f09b3b4dae840292d2
- SSDEEP: 98304:5pDjWM8JEE1rZamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEIFWw:5p0keNTfm/pf+xk4dWRatrbWOjgKX
Behavioral task
- behavioral1
  - Sample: Built.exe
  - Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: Built.exe, 6.9MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.