General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241102-y2n5hstnfx
-
MD5
f490839c28892955dfc6f341a49bc899
-
SHA1
987358381e0d76686bb2fe23d8ac714586a8ff91
-
SHA256
dff257afb94abb2056a4ef1bda262a04e5ad48844831a95a0ce839590884f5a3
-
SHA512
e0be0e81051646b4ba9161d94c0af72faeb957330abbe9be9ab67bcb29f0cea0663379fdd8a7ac3512493d4839151398ad3f5c82d7a603edb53b1bd62b75c3e7
-
SSDEEP
98304:mVp2DjWM8JEE1F9iamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEV:E207beNTfm/pf+xk4dWRpmrbW3jmr8
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.9MB
-
MD5
f490839c28892955dfc6f341a49bc899
-
SHA1
987358381e0d76686bb2fe23d8ac714586a8ff91
-
SHA256
dff257afb94abb2056a4ef1bda262a04e5ad48844831a95a0ce839590884f5a3
-
SHA512
e0be0e81051646b4ba9161d94c0af72faeb957330abbe9be9ab67bcb29f0cea0663379fdd8a7ac3512493d4839151398ad3f5c82d7a603edb53b1bd62b75c3e7
-
SSDEEP
98304:mVp2DjWM8JEE1F9iamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEV:E207beNTfm/pf+xk4dWRpmrbW3jmr8
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3