Overview

overview

10

Static

static

10

Built.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Built.exe

  • Size

    6.0MB

  • Sample

    241105-qc3mls1key

  • MD5

    1c456aeba215d48b7017f8371811d585

  • SHA1

    b09dc3582ca79bd8bb236fc5171d0390883de5b1

  • SHA256

    b2d3681ac66cc4c82d2a882003fac190adf41ea1458e29cf2aa07d6c93e0e51f

  • SHA512

    2af1fe80ecb88770f3aea2d01637bc2ee5b65d16cbe29293d57f8829f59345ff5d88ebbce40da732070ccd6c0227138d16f54d49f451b12ece2e677bf3baa5dc

  • SSDEEP

    98304:NkEtdFB4lFamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RbOLPj+Jy6y3:NzFi+eN/FJMIDJf0gsAGK4RqLPjHJ3

Score
10/10
blankgrabberexecutionupx

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.0MB

    • MD5

      1c456aeba215d48b7017f8371811d585

    • SHA1

      b09dc3582ca79bd8bb236fc5171d0390883de5b1

    • SHA256

      b2d3681ac66cc4c82d2a882003fac190adf41ea1458e29cf2aa07d6c93e0e51f

    • SHA512

      2af1fe80ecb88770f3aea2d01637bc2ee5b65d16cbe29293d57f8829f59345ff5d88ebbce40da732070ccd6c0227138d16f54d49f451b12ece2e677bf3baa5dc

    • SSDEEP

      98304:NkEtdFB4lFamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RbOLPj+Jy6y3:NzFi+eN/FJMIDJf0gsAGK4RqLPjHJ3

    Score
    8/10
    executionupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks