General
Target: Built.exe
Size: 6.9MB
Sample: 241029-ttr4zsvrex
MD5: 45b731b63055feb5a57ccf98c6e49a47
SHA1: 472c66a7ee53be303b176e8bc52b53058def185c
SHA256: 015888d4817c03faf0fcb14e570a742e884bc72618afa30b53f9611dec7253f7
SHA512: 6861ccd20805f2ee6364d7a0e3c2087f61e78f40d1efa61569f2da7dc8ce39f2140de67dde5257d5f87e63d990fc7a7056535e3884068e864ed97206b62f6614
SSDEEP: 98304:+JDjWM8JEE1FfsamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFO:+J09NeNTfm/pf+xk4dWRpmrbW3jmrG
Behavioral task: behavioral1
Sample: Built.exe
Resource: win7-20241010-en
Malware Config
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-