Overview

overview

10

Static

static

10

Built.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Built.exe

  • Size

    7.9MB

  • Sample

    241028-yaszdswapr

  • MD5

    510ee72c6408e0a5e8c5adec8821c68e

  • SHA1

    607ba73d6ee2a9f3ecc13648316eb2a68f1938e7

  • SHA256

    02b5c3109ae44162bb1ccb6d6ba5e615c58a01090c5c6d24e80a931704be6465

  • SHA512

    ff17ea2f6100bcd5ffb87a0461efb1ba9c9e0cc260eafafa776eaf1df9fd76985bbeccc2688d36227fe0192b0513087672fd387d4d99e991e85fe78ce644db46

  • SSDEEP

    196608:GaHYNewfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jW:AVIHziK1piXLGVE4Ue0VJq

Score
10/10
blankgrabberdiscoveryevasionexecutionupx

Malware Config

Targets

    • Target

      Built.exe

    • Size

      7.9MB

    • MD5

      510ee72c6408e0a5e8c5adec8821c68e

    • SHA1

      607ba73d6ee2a9f3ecc13648316eb2a68f1938e7

    • SHA256

      02b5c3109ae44162bb1ccb6d6ba5e615c58a01090c5c6d24e80a931704be6465

    • SHA512

      ff17ea2f6100bcd5ffb87a0461efb1ba9c9e0cc260eafafa776eaf1df9fd76985bbeccc2688d36227fe0192b0513087672fd387d4d99e991e85fe78ce644db46

    • SSDEEP

      196608:GaHYNewfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jW:AVIHziK1piXLGVE4Ue0VJq

    Score
    10/10
    discoveryevasionexecutionupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks