General

  • Target

    Build.exe

  • Size

    7.4MB

  • Sample

    241105-xbeygsvrhw

  • MD5

    11ba08c713728d87b6b24ff2d56f2e2d

  • SHA1

    0fbba08f74d6a2c2a4cef62cdae1801e136fd714

  • SHA256

    5bb370892b98e7a3cd66e1d26b8bea344011bea0b3565dd7b2a69adc0be05f8b

  • SHA512

    104d360e45296ab9f2681a4e3f187526c6ff0f165eb495f5e84a3fbdd4c7caa6765dbd6e7073f72371282b2691002a924ead5b12f278aa0c4c2f9d2e5c69cbd3

  • SSDEEP

    196608:hD8PeLjv+bhqNVoB0SEsucQZ41JBbIEs1LQ:F8PiL+9qz80SJHQK1J9shQ

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks