Resubmissions

18-12-2024 13:38

241218-qxpaqasjdp 10

16-12-2024 22:41

241216-2mav5atjep 10

16-12-2024 21:41

241216-1j6yqa1rcq 10

15-12-2024 17:37

241215-v7bvla1nax 10

14-12-2024 18:17

241214-ww5tzazpat 10

13-12-2024 18:30

241213-w5q26synfm 10

12-12-2024 23:52

241212-3wsb7s1ra1 10

12-12-2024 16:49

241212-vb15lszpfv 10

04-12-2024 14:46

241204-r492faymax 10

General

  • Target

    Built.exe

  • Size

    6.9MB

  • Sample

    241216-1j6yqa1rcq

  • MD5

    2754fe0444a11859ce6814803daaa62c

  • SHA1

    59193f0128f1649184a7f90283d31d891aa23a37

  • SHA256

    125b51c996078282c7048d8959fff151b7fa334b4381e74d4f98c4d335ab63c7

  • SHA512

    4c9eb428a9223e6b370a771926bf0f6a35fddceb25fe7188cbdc164311fb821b620d073238cd19b0bfabd2c6b197cae35759b4767b176466b077c446a9155b58

  • SSDEEP

    98304:o5DjWM8JEE1FdjamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFP:o50zGeNTfm/pf+xk4dWRpmrbW3jmrH

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.9MB

    • MD5

      2754fe0444a11859ce6814803daaa62c

    • SHA1

      59193f0128f1649184a7f90283d31d891aa23a37

    • SHA256

      125b51c996078282c7048d8959fff151b7fa334b4381e74d4f98c4d335ab63c7

    • SHA512

      4c9eb428a9223e6b370a771926bf0f6a35fddceb25fe7188cbdc164311fb821b620d073238cd19b0bfabd2c6b197cae35759b4767b176466b077c446a9155b58

    • SSDEEP

      98304:o5DjWM8JEE1FdjamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFP:o50zGeNTfm/pf+xk4dWRpmrbW3jmrH

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks