General
-
Target
Built.exe
-
Size
8.2MB
-
Sample
240926-xjpsnavgpb
-
MD5
873a8095a5c8e901f59efc4a75b2ce0a
-
SHA1
8ebcf59d31f6d8759dbaae5ca498a856cdd79a9c
-
SHA256
e06a943ba6d1cd88b09399d56795c638204c2c9fcf2608ca38138733d5c2c864
-
SHA512
a9a703185a228aab85c33a420bb6380d7ab05421244c430b0c8c10fc1a0e2ee931c529d9cef7abc785dc8a0ca47c944651241e8fbc6b029aa1068587baeb0cdd
-
SSDEEP
196608:UJy4ourErvI9pWjgaAnajMsbSEo2DfQC//OoBPmU/:wy/urEUWjJjIfco4jFv/
Behavioral task
behavioral1
Sample
Built.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Built.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
0��0�^[.pyc
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
0��0�^[.pyc
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Built.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
-
-
Target
0��0�^[.pyc
-
Size
1KB
-
MD5
a69fa5435c84361f922bf78c3a4a67ab
-
SHA1
8ba6c377044870a829c4e1aaaebc8f88618b356b
-
SHA256
29e51f9e77cf86821e06631d65ebe7efc8b4d1aade5fa9511986de49d04683a7
-
SHA512
47a4681731666b5db596b2374b5af0a41aff47e6dbdc822c772c3acbaeb00d1b9b619adb8477f0df8e343c145f4931d2a59cae8cc10acca22e994acdc63e26bf
-
Score
1/10