General

  • Target

    Built.exe

  • Size

    7.6MB

  • Sample

    241012-3ztpfaydja

  • MD5

    4def6c0a931b1f91b6c564545803a420

  • SHA1

    fd0e56d4cb8e3b359baf1db3bdd5649471f31d3c

  • SHA256

    5d9b6a087297faab1847e9b16b80ef0a56508425ec3763c4e6d3cbb047d59e79

  • SHA512

    bd7c8dd220c45e5c9de5243ce4e18a682f1cbd63d07d2aed7414f3fc5cfd68b6ff7de689cb2af257bf330609f5d75e439881adbdb511c32ba3bc991431e2b061

  • SSDEEP

    196608:BHaHYaEwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jo:9OIHziK1piXLGVE4Ue0VJU

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks