General
Target: Built.exe
Size: 6.9MB
Sample: 241030-cmp8davcll
MD5: 2a899af1a212d5176e3fc8356b14f882
SHA1: 5a5342cb344fbcb0e6d31ff84bb5dda174dfb42d
SHA256: d40e8db8ea8e0739d9a16c9c6389056447e294ac37384406da63d216b03b0a10
SHA512: a480d9b1803cefca75dc50a4aa72576ec3dbd0a53afbaa0c661a31b5829301ea2c4d9352c2013137abc023eed9234cfa86cb37c19631fae1baeba8f3710c646a
SSDEEP: 98304:AzDjWM8JEE1FOamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWK:Az05eNTfm/pf+xk4dWRpmrbW3jmrz
Malware Config
Targets
Target: Built.exe (6.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that Defender does not scan them.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
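The two behaviours the report describes in detail, the Defender exclusion change and the external-IP lookup, are both visible in host and proxy telemetry. The following is an added example of how a responder might hunt for them; it is not code from the sandbox or from the sample. The script-block lines and proxy log lines are constructed for the example, and the list of IP-lookup hostnames is an assumption, since the report does not say which service Built.exe contacted.

```python
import re

# Constructed PowerShell script-block text, in the style of a Windows
# PowerShell Event ID 4104 payload. Illustrative; not from the report above.
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" -ExclusionExtension ".exe",".dll"',
    "Set-MpPreference -ExclusionProcess 'Built.exe'",
    "Get-MpPreference | Select-Object ExclusionPath",
    "powershell -nop -w hidden -c \"Add-MpPreference -ExclusionPath 'C:\\ProgramData\\svc'\"",
]

# Constructed proxy log lines (key=value); also not from the report.
SAMPLE_PROXY_LOG = [
    "ts=2024-10-30T10:02:11Z host=WS01 proc=Built.exe dst=api.ipify.org uri=/",
    "ts=2024-10-30T10:02:14Z host=WS01 proc=chrome.exe dst=www.example.com uri=/index.html",
    "ts=2024-10-30T10:03:40Z host=WS01 proc=Built.exe dst=ipinfo.io uri=/json",
]

# Hosts commonly used for external-IP lookup. Assumption for this example:
# the report does not state which service the sample used.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ip-api.com", "api.myip.com",
}

# One PowerShell argument value: double-quoted, single-quoted, or bare.
_VALUE = r'(?:"[^"]*"|\'[^\']*\'|[^\s,"\'-][^\s,"\']*)'

# Add-MpPreference / Set-MpPreference and its arguments, up to the next
# MpPreference cmdlet on the same line.
_CMDLET_RE = re.compile(
    r'(?P<cmdlet>(?:Add|Set)-MpPreference)\b'
    r'(?P<args>(?:(?!(?:Add|Set)-MpPreference).)*)',
    re.IGNORECASE,
)

# -ExclusionPath / -ExclusionExtension / -ExclusionProcess / -ExclusionIpAddress
# followed by one or more comma-separated values.
_PARAM_RE = re.compile(
    r'-(?P<param>Exclusion(?:Path|Extension|Process|IpAddress))\s+'
    r'(?P<values>' + _VALUE + r'(?:\s*,\s*' + _VALUE + r')*)',
    re.IGNORECASE,
)


def _unquote(value):
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def find_defender_exclusions(script_block):
    """Return [{'cmdlet', 'param', 'values'}] for every Defender exclusion
    added or set in the given script-block text. Get-MpPreference (read-only)
    is deliberately not flagged."""
    findings = []
    for cmd in _CMDLET_RE.finditer(script_block):
        for p in _PARAM_RE.finditer(cmd.group("args")):
            values = [_unquote(v) for v in re.findall(_VALUE, p.group("values"))]
            findings.append({
                "cmdlet": cmd.group("cmdlet"),
                "param": p.group("param"),
                "values": values,
            })
    return findings


def _parse_kv(line):
    return dict(re.findall(r"(\w+)=(\S+)", line))


def find_ip_lookup_requests(log_lines):
    """Return [(proc, dst)] for requests to known external-IP lookup hosts.
    These hosts are legitimate, so a hit is only meaningful together with
    the originating process (here a non-browser binary)."""
    hits = []
    for line in log_lines:
        fields = _parse_kv(line)
        dst = fields.get("dst", "").lower()
        if dst in IP_LOOKUP_HOSTS:
            hits.append((fields.get("proc", "?"), dst))
    return hits


if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        for f in find_defender_exclusions(block):
            print(f"[defender-exclusion] {f['cmdlet']} -{f['param']} {f['values']}")
    for proc, dst in find_ip_lookup_requests(SAMPLE_PROXY_LOG):
        print(f"[ip-lookup] {proc} -> {dst}")
```

Script-block logging (Event ID 4104) has to be enabled on the host for the first check to see anything; the cmdlet text survives the usual `-nop -w hidden -c` wrapper because the logged block is the decoded command. The proxy check is low-fidelity on its own and is best used to pivot from the exclusion finding to the process and host involved.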