General
-
Target
Built.exe
-
Size
6.9MB
-
Sample
241105-bfdekatmcl
-
MD5
bbf73168d72bbb41ebfd4bb22e91b348
-
SHA1
7ed59e2dc09d2b9634c7195562cd21ad9c7a515a
-
SHA256
3a3ba2a40800189e238396adf0d480f9977fdb3dff4538af34e95a752f4c7197
-
SHA512
320affdc20dc9b2168b202a06039e0dd020edd8d04e0aa51e8b0ef687c570e63bf091435b87d7c97c433f1e321a8b78c5d656df06b83314876afd6e7466b28e4
-
SSDEEP
98304:nnDjWM8JEE1FSkeamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEI5:nn0QoeNTfm/pf+xk4dWRpmrbW3jmrz
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.9MB
-
MD5
bbf73168d72bbb41ebfd4bb22e91b348
-
SHA1
7ed59e2dc09d2b9634c7195562cd21ad9c7a515a
-
SHA256
3a3ba2a40800189e238396adf0d480f9977fdb3dff4538af34e95a752f4c7197
-
SHA512
320affdc20dc9b2168b202a06039e0dd020edd8d04e0aa51e8b0ef687c570e63bf091435b87d7c97c433f1e321a8b78c5d656df06b83314876afd6e7466b28e4
-
SSDEEP
98304:nnDjWM8JEE1FSkeamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEI5:nn0QoeNTfm/pf+xk4dWRpmrbW3jmrz
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3