General

  • Target

    Built.exe

  • Size

    7.5MB

  • Sample

    241110-tdg9vazgmd

  • MD5

    12e9f3ce18351ee539646c23cc862c5c

  • SHA1

    0b2487fe4e3ffaf79fdf1c0c0b01f6ce68346daf

  • SHA256

    72fdb72dcc71697b027824211e2879f4bf8c8974e56a857f2fca30ad7b675d6f

  • SHA512

    585882cbb5e8097d47b3985326a4ae9c17d2e015801652d88a5c5230feab1add48f60bd73fa9ff34b505de742b437e53ed03b53d5011c1834c134610ff96ac59

  • SSDEEP

    196608:yOgFHwfI9jUC2gYBYv3vbW5+iITm1U6fi:4FMIH2gYBgDW4TOz6

Malware Config

Targets

    • Target

      Built.exe

    • Size

      7.5MB

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
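
The three host-visible behaviours listed above (PowerShell adding Defender exclusions, tasklist enumeration, and an external IP lookup) map directly onto endpoint telemetry. The following Python is an added example, not part of the sandbox report or the sample's code: it runs simple hunting rules over constructed Sysmon-style process-creation (event 1) and DNS-query (event 22) records. The sample events, the regular expression, and the list of IP-lookup domains are all assumptions made for the example and should be extended to match local telemetry.

```python
import re

# Constructed telemetry for the example (not taken from the report):
# Sysmon-style process-creation (id 1) and DNS-query (id 22) records.
SAMPLE_EVENTS = [
    {"id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoProfile -WindowStyle Hidden -Command "
            "\"Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
            "-ExclusionExtension '.exe' -ExclusionProcess 'Built.exe'\""},
    {"id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command \"Get-MpPreference | Select ExclusionPath\""},
    {"id": 1,
     "image": r"C:\Windows\System32\tasklist.exe",
     "cmd": "tasklist /v /fo csv"},
    {"id": 22,
     "image": r"C:\Users\Public\Built.exe",
     "query": "api.ipify.org"},
    {"id": 22,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "query": "www.mozilla.org"},
]

# Add-MpPreference or Set-MpPreference followed by any -Exclusion* parameter.
# Get-MpPreference (read-only) deliberately does not match.
EXCLUSION_RE = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)

# Public "what is my IP" services; an assumed starter list for the example.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com",
    "checkip.amazonaws.com", "ipinfo.io",
}


def classify(event):
    """Return the behaviour labels a single event matches (possibly none)."""
    hits = []
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if event["id"] == 1:
        cmd = event.get("cmd", "")
        if image == "powershell.exe" and EXCLUSION_RE.search(cmd):
            hits.append("defender_exclusion_added")
        if image == "tasklist.exe":
            hits.append("process_enumeration_tasklist")
    elif event["id"] == 22:
        query = event.get("query", "").lower()
        if query in IP_LOOKUP_DOMAINS or any(
                query.endswith("." + d) for d in IP_LOOKUP_DOMAINS):
            hits.append("external_ip_lookup")
    return hits


def hunt(events):
    """Map each behaviour label to the indices of the events that triggered it."""
    findings = {}
    for i, event in enumerate(events):
        for label in classify(event):
            findings.setdefault(label, []).append(i)
    return findings


if __name__ == "__main__":
    for label, indices in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{label}: events {indices}")
```

Each rule alone is noisy (administrators do add exclusions, and tasklist is a normal tool); the value is in correlating all three from the same host within a short window, as the report's signature set does for this sample.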

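The "UPX packed file" signature rests on how UPX lays out a PE: sections named UPX0/UPX1, a first section with a large virtual size but zero bytes on disk (the area the stub unpacks into), and the "UPX!" magic in the header region. A modified UPX usually renames the sections but keeps the empty-first-section shape. The following Python is an added example, not part of the report or of any UPX tooling: it parses PE section headers with struct, applies those three indicators, and checks them against minimal PE images constructed in the block itself (the images are parseable but not loadable).

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def build_pe(sections):
    """Construct a minimal PE32 image with the given section headers.

    sections: list of (name, virtual_size, raw_size). Constructed test input
    for the example; the image is parseable but not loadable.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    headers = b""
    for name, vsize, rsize in sections:
        headers += struct.pack(
            "<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
            vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + optional + headers


def parse_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data):
    """List the UPX indicators present, in a fixed order (empty if none)."""
    reasons = []
    sections = parse_sections(data)
    if {s[0] for s in sections} & UPX_SECTION_NAMES:
        reasons.append("upx_section_names")
    # The first section is the unpacking area: no raw bytes, large virtual size.
    # A renamed (modified) UPX keeps this shape even without the UPX names.
    if sections and sections[0][2] == 0 and sections[0][1] >= 0x1000:
        reasons.append("empty_first_section")
    if b"UPX!" in data:
        reasons.append("upx_magic")
    return reasons


# Constructed samples: stock UPX layout, a renamed variant, and a plain build.
PACKED = build_pe([("UPX0", 0x30000, 0), ("UPX1", 0x10000, 0xF000),
                   (".rsrc", 0x1000, 0x400)]) + b"UPX!"
RENAMED = build_pe([(".xyz", 0x30000, 0), (".data", 0x10000, 0xF000)])
PLAIN = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(image))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_indicators`; treat any single indicator as a lead and the combination as strong evidence, since the section-name check alone is defeated by the renamed variant and the magic-string check alone can be stripped.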
MITRE ATT&CK Enterprise v15