General

  • Target

    Builder.exe

  • Size

    7.4MB

  • Sample

    241006-l658daycjk

  • MD5

    840f918bb88975cf484e3d118de9d90a

  • SHA1

    c77b22957059089e8e9af3f1b43ccf56d52044ab

  • SHA256

    d94fc51460a8a31f58c50f1ebbeb69e0e7c26f839406b20d35eb2fa23f8ff53b

  • SHA512

    6f9a68bac6a2fdc640e08274937da47142bd1cf5eb7208bf6cb6efc3e99d2d1be2654ae5b8ea6624cb1615255c810b832f2c3a69b48f53134f61ecb5a3615b42

  • SSDEEP

    196608:ZuWYS6uOshoKMuIkhVastRL5Di3uq1D7mn:9YShOshouIkPftRL54DR0

Malware Config

Targets

    • Target

      Builder.exe

    • Modifies visibility of hidden/system files in Explorer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks