General

  • Target

    Built.exe

  • Size

    7.5MB

  • Sample

    241103-fz3wsawejr

  • MD5

    255f13f929ebb2791b9ef25fd7a86e56

  • SHA1

    8aa1b268b10c33a91f1de395bb3c3d17801e4253

  • SHA256

    a0130c363e4a5f80f622f5961c371141492434299438bda00f60fa7433e36235

  • SHA512

    d71c09004af30fa2e43fff46089def4792e59c20eca1e70a0defc1d6248aefa7142ef0118053e058e7d0f56e2004cace862cd0267348b01f5c11e0958a34d32d

  • SSDEEP

    98304:TjBAgasrYRMlHwRhI3l72Qj1qCVgWBg+uoQs+YX5dfXHzjNZnXscacRX1t9XMGhE:T6gI+lwfI9jUC2gYBYv3vbW+DcGiwwnR

Targets

    • Target

      Built.exe

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
