General

  • Target

    Built.exe

  • Size

    13.0MB

  • Sample

    241029-b3tp3asbke

  • MD5

    3db7ec15b3e9ac29f4e19dc58283a52a

  • SHA1

    56506f10315da932591d9c746fa315e6beb4a036

  • SHA256

    ea44cb9f615fd6cee1183be142fc3dfc88d4c3e7632f056c5f3f4ba5cbb2c277

  • SHA512

    d621cd16670d28b5145c3d53552db2506641b12fd2f76ec54f5069a473806ce02c7c7670f839abebb1a0d7481a8713c275accabcb69ad2bf9886bac03c50616f

  • SSDEEP

    196608:X/gaurVjy+2KedZply3ZbewfI9jUC2gYBYv3vbW4SEB+itP3D2X371K:YaCVjy+27d83HIH2gYBgDWZ4vDE3pK

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
