General

  • Target

    Built.exe

  • Size

    8.3MB

  • Sample

    241130-1dex2szpgr

  • MD5

    522ec22f722f43d9ca29d4cd50e4a778

  • SHA1

    d816603b8cce0c508dcdde3b2090178874e11927

  • SHA256

    dea2c23008832bf217217a202c572fb82f9a77bb990678e3a6686ad1ab66de53

  • SHA512

    da1f9f042240aa4b59fff3356aa766ff55a4383e6353eb516279ea1141650dffe853a3a21efd0d5c21da3c9a8a8ca6fc128947e3c2dce6b156138755e6c57980

  • SSDEEP

    196608:pkuYLbwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j0:gYIHziK1piXLGVE4UrS0VJA

Malware Config

Targets

    • Target

      Built.exe

    • Size

      8.3MB

    • MD5

      522ec22f722f43d9ca29d4cd50e4a778

    • SHA1

      d816603b8cce0c508dcdde3b2090178874e11927

    • SHA256

      dea2c23008832bf217217a202c572fb82f9a77bb990678e3a6686ad1ab66de53

    • SHA512

      da1f9f042240aa4b59fff3356aa766ff55a4383e6353eb516279ea1141650dffe853a3a21efd0d5c21da3c9a8a8ca6fc128947e3c2dce6b156138755e6c57980

    • SSDEEP

      196608:pkuYLbwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j0:gYIHziK1piXLGVE4UrS0VJA

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks