General
-
Target
Built.exe
-
Size
7.5MB
-
Sample
241103-fzjg5swcre
-
MD5
255f13f929ebb2791b9ef25fd7a86e56
-
SHA1
8aa1b268b10c33a91f1de395bb3c3d17801e4253
-
SHA256
a0130c363e4a5f80f622f5961c371141492434299438bda00f60fa7433e36235
-
SHA512
d71c09004af30fa2e43fff46089def4792e59c20eca1e70a0defc1d6248aefa7142ef0118053e058e7d0f56e2004cace862cd0267348b01f5c11e0958a34d32d
-
SSDEEP
98304:TjBAgasrYRMlHwRhI3l72Qj1qCVgWBg+uoQs+YX5dfXHzjNZnXscacRX1t9XMGhE:T6gI+lwfI9jUC2gYBYv3vbW+DcGiwwnR
Behavioral task
behavioral1
Sample
Built.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
{���<�$.pyc
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
Built.exe
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
-
-
Target
{���<�$.pyc
-
Size
1KB
-
MD5
28ace2cf803f581dac95ad4b7576b5dc
-
SHA1
b2ca7a7fe9a08ab614dd6fb3f1c0582bd92687af
-
SHA256
5ba7ff8402fd73fabf241647953b36e2adfc20d2d2fcbfd41042b264724cc3af
-
SHA512
5aa91039de6e40ec8e666d36f58436d81a565c7eac5f622bf03870e82bbc1eb97dcaa3c8ebeb3b52c39bb0a717340b4edaf4c3f6d6c6cdc2992bb4191998777a
-
Score
1/10