General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241030-qzwsksvdjn
-
MD5
39bde3b5cf9d06c5d06f122e149bcdf0
-
SHA1
85afc0b3b09fcb03e0a9c86a5b0e7501ba6bf2c5
-
SHA256
3ea1853db12646c02372213a72cc8032fa2f9db34a112c1302757a2fa0901979
-
SHA512
be1d8a85f3a65977f940281ae0c62fc41f9c2e31f382154aff7fda0a7b469eaa392949e8bd7e6bb621e61a81646c82e1edb607b512337c5f4846dec47d83e05a
-
SSDEEP
98304:5VpnDjWM8JEE1F3SGamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhu:Rn0UeNTfm/pf+xk4dWRpmrbW3jmr8
Malware Config
Targets
-
-
Target
Built.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-