General

  • Target

    Built.exe

  • Size

    6.0MB

  • Sample

    241102-wh898s1ejh

  • MD5

    e59f65a63c814c7379cd37ffaf4e31b7

  • SHA1

    3b1e7d96f4c0bb1ff6ec82ad406d711b95729ece

  • SHA256

    3489145fac91f1ee593832061be68061bf1809c762415c63937789ae65e7794e

  • SHA512

    a56fce46c48edb89f94ac122aba8d4144c067b46928f6962e587512e417d763fc7842608e4e4a2a2cb31a6ecfb8f25bc6bb9fbc98c4a00cd317408004cadd510

  • SSDEEP

    98304:mWEtdFB42WPamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RKOLPxPvsMyI:mVFidSeN/FJMIDJf0gsAGK4RRLPxHsPI

Malware Config

Targets

    • Target

      Built.exe

    • Score

      8/10

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks