General

  • Target

    Built.exe

  • Size

    6.0MB

  • Sample

    241105-qekjtasejm

  • MD5

    a6390ecd02872258d470f2576b37d022

  • SHA1

    39c30bfe6efa1aa8b98de7191ac8cf9142a9549b

  • SHA256

    2417cb81c8a42eee3f994b4f0658de3c812fa0120549e36d0ff6d5ce86b11a67

  • SHA512

    81ecdf30623df4ff96d0d50f528d3e43f65946359b3021001e00e8f94b81748ab0cb161b410516aab36474f2374d76c260fbc0ad4b74bebbe03cc8ba11a3fa60

  • SSDEEP

    98304:BcEtdFBCIz6LamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RxOLPtsAVeyU:BrFIIz6ueN/FJMIDJf0gsAGK4R0LPtLG

Targets

    • Target

      Built.exe

    • Size

      6.0MB

    • MD5

      a6390ecd02872258d470f2576b37d022

    • SHA1

      39c30bfe6efa1aa8b98de7191ac8cf9142a9549b

    • SHA256

      2417cb81c8a42eee3f994b4f0658de3c812fa0120549e36d0ff6d5ce86b11a67

    • SHA512

      81ecdf30623df4ff96d0d50f528d3e43f65946359b3021001e00e8f94b81748ab0cb161b410516aab36474f2374d76c260fbc0ad4b74bebbe03cc8ba11a3fa60

    • SSDEEP

      98304:BcEtdFBCIz6LamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RxOLPtsAVeyU:BrFIIz6ueN/FJMIDJf0gsAGK4R0LPtLG

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
