General

  • Target

    Built.exe

  • Size

    12.0MB

  • Sample

    241103-d1rh2atfmp

  • MD5

    b745a939d6e54688d8ce20bf25e808e9

  • SHA1

    8b0995f3521883d763242348d7338bdfd28aa4bd

  • SHA256

    b705437dbf42dec15e6b740a0fc9a2713201f1acec2e764a452d2281b8fe0343

  • SHA512

    393a1a3c80e77fccfb9128aa1696486eb8a2bd194b383e97fe13093391a08788e0fdc62c139508842edcefb103abeac8502c4a02bf27d66c60ac3f5a5b1aa376

  • SSDEEP

    196608:iHJekYrHNWP8yOTv6tXnlfpiK2oFhJwfI9jUCzi4H1qSiXLGVi7DMgpZYHQ0VMwy:ZdtaSTv6FlVFUIHziK1piXLGVE4U2w00

Malware Config

Targets

    • Target

      Built.exe

    • Size

      12.0MB

    • MD5

      b745a939d6e54688d8ce20bf25e808e9

    • SHA1

      8b0995f3521883d763242348d7338bdfd28aa4bd

    • SHA256

      b705437dbf42dec15e6b740a0fc9a2713201f1acec2e764a452d2281b8fe0343

    • SHA512

      393a1a3c80e77fccfb9128aa1696486eb8a2bd194b383e97fe13093391a08788e0fdc62c139508842edcefb103abeac8502c4a02bf27d66c60ac3f5a5b1aa376

    • SSDEEP

      196608:iHJekYrHNWP8yOTv6tXnlfpiK2oFhJwfI9jUCzi4H1qSiXLGVi7DMgpZYHQ0VMwy:ZdtaSTv6FlVFUIHziK1piXLGVE4U2w00

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks