Resubmissions

    03-11-2024 00:30    241103-athqrsyrbv    10
    03-11-2024 00:28    241103-asvnyayqhv    10
    03-11-2024 00:27    241103-ar4v8aspam    10
    02-11-2024 23:40    241102-3pcceayemd    10
    02-11-2024 22:42    241102-2m3k5sxkct    10

General

  • Target

    Built.exe

  • Size

    8.1MB

  • Sample

    241103-ar4v8aspam

  • MD5

    18e23d29977fb75630e935883a09db80

  • SHA1

    5faa3c586f9498f612288ab533e2ee1bd0491314

  • SHA256

    bd633bfe1287684d5d4220908098b931c48656b1a6bbad821fe926c235fb0f10

  • SHA512

    bb286d5d9002d195c7fd48e719bded387cb4e03627c434b44f9bbd6e5404205a382677ae8043816bf14e1621353d207b65a882cade7d579cc2fe940a9e7306b7

  • SSDEEP

    196608:6WBQurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9s5:7QurEUWjZZ4dDLIeW7zWGPTNC5

Malware Config

Targets

    • Target

      Built.exe

    • Size

      8.1MB

    • MD5

      18e23d29977fb75630e935883a09db80

    • SHA1

      5faa3c586f9498f612288ab533e2ee1bd0491314

    • SHA256

      bd633bfe1287684d5d4220908098b931c48656b1a6bbad821fe926c235fb0f10

    • SHA512

      bb286d5d9002d195c7fd48e719bded387cb4e03627c434b44f9bbd6e5404205a382677ae8043816bf14e1621353d207b65a882cade7d579cc2fe940a9e7306b7

    • SSDEEP

      196608:6WBQurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9s5:7QurEUWjZZ4dDLIeW7zWGPTNC5

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks