General

  • Target

    Built.exe

  • Size

    8.2MB

  • Sample

    240926-xjpsnavgpb

  • MD5

    873a8095a5c8e901f59efc4a75b2ce0a

  • SHA1

    8ebcf59d31f6d8759dbaae5ca498a856cdd79a9c

  • SHA256

    e06a943ba6d1cd88b09399d56795c638204c2c9fcf2608ca38138733d5c2c864

  • SHA512

    a9a703185a228aab85c33a420bb6380d7ab05421244c430b0c8c10fc1a0e2ee931c529d9cef7abc785dc8a0ca47c944651241e8fbc6b029aa1068587baeb0cdd

  • SSDEEP

    196608:UJy4ourErvI9pWjgaAnajMsbSEo2DfQC//OoBPmU/:wy/urEUWjJjIfco4jFv/

Malware Config

Targets

    • Target

      Built.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Target

      0��0�^[.pyc

    • Size

      1KB

    • MD5

      a69fa5435c84361f922bf78c3a4a67ab

    • SHA1

      8ba6c377044870a829c4e1aaaebc8f88618b356b

    • SHA256

      29e51f9e77cf86821e06631d65ebe7efc8b4d1aade5fa9511986de49d04683a7

    • SHA512

      47a4681731666b5db596b2374b5af0a41aff47e6dbdc822c772c3acbaeb00d1b9b619adb8477f0df8e343c145f4931d2a59cae8cc10acca22e994acdc63e26bf

    Score
    1/10
