General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241030-qr7j4svbnk
-
MD5
e876252404837ba49897faa048762c81
-
SHA1
39a408228999f4f18ebb890d5417ed6118a6d8da
-
SHA256
af47a29761bf74b3c78795c61a0a165e0ec4134d2561343df42798dcdb32297c
-
SHA512
d2f83d0d2fe190bb7ad338ab6c5ce1f837cb08b40e1325e12941da0fbdd248d05b7f6baca55b519d3d115d69d0e1e34faa563b8fff41e406342688144f684279
-
SSDEEP
98304:qRDjWM8JEE1FVHamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFY:qR0bqeNTfm/pf+xk4dWRpmrbW3jmrg
Behavioral task
behavioral1
Sample
Built.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
Built.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-