General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241031-ycy87a1mas
-
MD5
4f21dc77bb4b5716609189090649c124
-
SHA1
609c25774b3d866a1f332044117679d268ec9ea5
-
SHA256
b62fbd54699f6669aee7a7f1cb83fe866d1f30b9462f363ec644ca38d6f47e3a
-
SHA512
053d1d9df9cae3045080f77520f804f6ca17e501a667edac5ac6a323dfd618ca7cae670d27c19e1a027ba6ff153076906680126b9605e93d66744f10818c0c34
-
SSDEEP
98304:q9DjWM8JEE1F+YamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFJ:q90seNTfm/pf+xk4dWRpmrbW3jmrB
Behavioral task
behavioral1
Sample
Built.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Built.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
Built.exe
-
Score
8/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-