General

  • Target

    build.exe

  • Size

    6.9MB

  • Sample

    240629-gfrj3svfqm

  • MD5

    4fa078342c6a273bbac064ee2b7f8e05

  • SHA1

    70072ac8a487353ea0c2e15bb8999596b8aa33a9

  • SHA256

    c5a659ee3adc8a65101dcbee49af33f4aa9450cfe9f7230c462f49bb70f3d596

  • SHA512

    978e70f151ba9b05bc304d3609fe5669b3918c5dbbbeed357a5310cb4cfd385a60c77f7488af87ffd25185b356a26268c6e41010c39e2d101665b303a57c2b0a

  • SSDEEP

    98304:XnzHqdVfB2FS27w2S3yuT/9vUIdD9C+z3zO917vOTh+ezDNh79vmJ1nmOBN9n4m7:XLQsBS3bT/9bvLz3S1bA3zsn97+0F

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks