Overview

overview

10

Static

static

10

Built.exe

windows7-x64

7

Built.exe

windows10-2004-x64

8

G �qh�.pyc

windows7-x64

G �qh�.pyc

windows10-2004-x64

Resubmissions

21-10-2024 02:05

241021-ch5r9svfmr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Built.exe

  • Size

    6.6MB

  • Sample

    241021-ch5r9svfmr

  • MD5

    ac21a393ea09de0f549c0b12af484e52

  • SHA1

    457443b13a5684bae04c964ea042d1fd564a020d

  • SHA256

    6fce89f252f68a3183c6b1b41d25b4a17045d8e4abbbb747a56c94aeb290aa76

  • SHA512

    96e3f5c005cbf95ea02cb555cce08ec17e10db61bf8ddc60a808d07742e539e557357751caebb4312b0c27a884403b55dda59870da7bb31a8c13c08c0aacd536

  • SSDEEP

    196608:nsfzkDOYjJlpZstQoS9Hf12VKXMSElbZCjV5:HBpGt7G/My2bI5

Score
10/10
blankgrabbercollectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.6MB

    • MD5

      ac21a393ea09de0f549c0b12af484e52

    • SHA1

      457443b13a5684bae04c964ea042d1fd564a020d

    • SHA256

      6fce89f252f68a3183c6b1b41d25b4a17045d8e4abbbb747a56c94aeb290aa76

    • SHA512

      96e3f5c005cbf95ea02cb555cce08ec17e10db61bf8ddc60a808d07742e539e557357751caebb4312b0c27a884403b55dda59870da7bb31a8c13c08c0aacd536

    • SSDEEP

      196608:nsfzkDOYjJlpZstQoS9Hf12VKXMSElbZCjV5:HBpGt7G/My2bI5

    Score
    8/10
    upxcollectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      G �qh�.pyc

    • Size

      857B

    • MD5

      ffc396cb138216d25434dad6082b498e

    • SHA1

      eb432f587c7b2ad95e4f3d7d38501c624f8a9e92

    • SHA256

      4a313e544038fda1c03e9c0b49f5cc4b0de4387d990006686175f9a9292397d0

    • SHA512

      ceb5408696de2ab88792e71b8abcb48a51aa1dc98ca56902ff237a6403bfbc46ba13d11abf3653ea0c7a36762b1de6bb3170b2ba77827e8e0ba5c35b2a9270fc

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks