General

  • Target

    Built.exe

  • Size

    6.6MB

  • Sample

    241130-txwlksspcq

  • MD5

    79477b79441378ba1d3e2108460530c2

  • SHA1

    e150dbbf3a3a35999fcc301f6d44807cf48d96ac

  • SHA256

    57ee6c06c7d1d61da8fc502a10cefd2a2e69f2e30d2df148add19fcd79953f38

  • SHA512

    57e258877662089763414b089c702dc904338d688871149f63cd86f6dcbce777b12bab44aaf4f626a27d0648244fbed4b56038e68912e462df6d0581ce206b45

  • SSDEEP

    196608:1Cf8DOYjJlpZstQoS9Hf12VKXMSEkblC1V7:RBpGt7G/Mynbm7

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.6MB

    • MD5

      79477b79441378ba1d3e2108460530c2

    • SHA1

      e150dbbf3a3a35999fcc301f6d44807cf48d96ac

    • SHA256

      57ee6c06c7d1d61da8fc502a10cefd2a2e69f2e30d2df148add19fcd79953f38

    • SHA512

      57e258877662089763414b089c702dc904338d688871149f63cd86f6dcbce777b12bab44aaf4f626a27d0648244fbed4b56038e68912e462df6d0581ce206b45

    • SSDEEP

      196608:1Cf8DOYjJlpZstQoS9Hf12VKXMSEkblC1V7:RBpGt7G/Mynbm7

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks