General

  • Target

    Built.exe

  • Size

    8.3MB

  • Sample

    241029-lygj2svaje

  • MD5

    f9b03a4ca76d7c8e9fae48e25d6a3d95

  • SHA1

    d5c97083c2de49a4ac7f92b9c4804a9a3d43a1dd

  • SHA256

    bbdef141c4d03195652efad92dea9456f6da831b15c282f8b97a2f5ccdfe9a9e

  • SHA512

    b3ecf24ba5e7f8862a98acd2efee33be603d8ab851917244f9c41ae09c18f16a911e4fb583f1dc7982eb3a84ff986bb3aeffa0e9d68e1c05b8266a0d7ac51194

  • SSDEEP

    196608:uk6jurErvI9pWjg/Qc+4o673pNrabebSEjxyMDH8mo:cjurEUWjZZ4dDLIeWCym8l

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks