General

  • Target: Built.exe

  • Size: 13.8MB

  • Sample: 241103-d3159awrap

  • MD5: db2f128f137ccac4c4fbeee1bdc24911

  • SHA1: 653c857917174bc31e1c3218ec2bc5cad2a6291b

  • SHA256: 35acd656a82884d9ed7d017abb2d7c87cf7f756276eb878bae567e9930400fdc

  • SHA512: f45295a142c369e1306bd8cac9dffa5993c823a7d931a9abf5dcdcc73d04314941551b485e04e98b72e8382664267be46340601e05e58c75a1a8344c54d031d4

  • SSDEEP: 393216:kbXcJa+rX2+FxI63gbfIHziK1piXLGVE4U2w0VJf:IgrX7P9Q2DiXHL0Lf

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks