General
- Target: Built.exe
- Size: 6.9MB
- Sample: 241030-cpdmcswkbm
- MD5: 2324bbb7225cdd09f5225f84bf465bf1
- SHA1: 0bc2abc1410e5775a116482aecb490d0719ff08d
- SHA256: 181dc105a537835eb3a755c876b68c02ef9490a2db36b17cfee19e04167c8b0b
- SHA512: f2d337f0c99a8354292838d5e8e50a19f388e1966b74034692c4f9c350a47ac12bd04ab48c8e399d1bd4380b39a4fccdb4880da09ee400ee2c114ab555888ad5
- SSDEEP: 98304:n9DjWM8JEE1FPamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWf:n90YeNTfm/pf+xk4dWRpmrbW3jmre

Malware Config
Targets
- Target: Built.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
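Two of the behaviours flagged above, PowerShell adding Windows Defender exclusions and the external IP lookup through a public web service, are worth catching on endpoints and proxies outside the sandbox. The Python below is an added example and not part of this report or of the sample's own code: it runs simple checks over constructed process-creation and HTTP events (illustrative values, not data recovered from Built.exe), and it also handles the common evasion where the exclusion command is hidden behind PowerShell's -EncodedCommand. The event shape and the list of IP-lookup hosts are assumptions.

```python
"""Added example (not from the sandbox report): detection checks for two of the
behaviours flagged above, run over constructed events so it works offline.

  1. PowerShell modifying Windows Defender exclusions (Add-/Set-MpPreference
     with -ExclusionPath / -ExclusionExtension / -ExclusionProcess), including
     the case where the script is hidden behind -EncodedCommand.
  2. External IP lookup through a public web service.

Event shape, command lines and URLs are illustrative assumptions, not data
recovered from the Built.exe sample.
"""
import base64
import re
from urllib.parse import urlparse

# Assumed list of public IP-lookup services; extend for your environment.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me", "ipecho.net", "api.ip.sb",
}

DEFENDER_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM = re.compile(r"-Exclusion(Path|Extension|Process|IpAddress)\b", re.IGNORECASE)
# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the
# spellings most often seen in the wild.
ENCODED_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> str:
    """Return the command line with any -EncodedCommand payload decoded and
    appended, so the Defender check sees the real script text."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return f"{cmdline} [decoded: {script}]"


def check_defender_exclusion(event: dict):
    """Flag PowerShell that adds Defender exclusions (paths, extensions, processes)."""
    if event.get("type") != "process":
        return None
    image = event.get("image", "").lower()
    if not ("powershell" in image or "pwsh" in image):
        return None
    text = decode_encoded_command(event.get("cmdline", ""))
    if not DEFENDER_CMDLET.search(text):
        return None
    kinds = sorted({m.group(1).lower() for m in EXCLUSION_PARAM.finditer(text)})
    if not kinds:
        return None
    return {"signature": "Defender exclusion added via PowerShell",
            "exclusion_types": kinds, "evidence": text}


def check_ip_lookup(event: dict):
    """Flag HTTP requests to known public IP-lookup services."""
    if event.get("type") != "http":
        return None
    host = (urlparse(event.get("url", "")).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS or any(host.endswith("." + h) for h in IP_LOOKUP_HOSTS):
        return {"signature": "External IP lookup via web service",
                "host": host, "process": event.get("process")}
    return None


def triage(events):
    """Run every check over every event and collect the findings in order."""
    findings = []
    for ev in events:
        for check in (check_defender_exclusion, check_ip_lookup):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample events (illustrative; not recovered from the sample).
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionExtension dll -ExclusionPath C:\\ProgramData".encode("utf-16-le")
).decode("ascii")

EVENTS = [
    {"type": "process", "image": r"C:\Users\user\AppData\Local\Temp\Built.exe",
     "cmdline": r"C:\Users\user\AppData\Local\Temp\Built.exe"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command '
                '"Add-MpPreference -ExclusionPath C:\\Users\\user\\AppData\\Local\\Temp '
                '-ExclusionExtension exe -ExclusionProcess Built.exe"'},
    {"type": "process", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENCODED}"},
    {"type": "process", "image": "powershell.exe",
     "cmdline": "powershell.exe -Command Get-MpPreference"},  # benign: read-only
    {"type": "http", "method": "GET", "url": "http://ip-api.com/json/", "process": "Built.exe"},
    {"type": "http", "method": "GET", "url": "https://www.microsoft.com/", "process": "Built.exe"},
    {"type": "http", "method": "GET", "url": "https://api.ipify.org/?format=json", "process": "Built.exe"},
]

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Read-only cmdlets such as Get-MpPreference are deliberately not flagged, and a Set-MpPreference call only counts when it carries an -Exclusion* parameter, which keeps the check aligned with the signature text above rather than alerting on every Defender configuration change. In production, feed it Sysmon Event ID 1 or PowerShell script block (4104) text rather than the constructed events.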