General

  • Target

    builded.exe

  • Size

    16.5MB

  • Sample

    250115-waxapszlcw

  • MD5

    42c6858db31c815c535077ea6312120f

  • SHA1

    acdccdb1f44b4faf3c46be7a86ff5e267450f7d3

  • SHA256

    9c8fe23056011bd28613d979c5e6e556ad7f891ba22ffa831afe4c28a0056513

  • SHA512

    ea6e68f955572bd76f5fa8ae5579074fc412d2fb23300085535b2ec52269ec84aed7ac9ad3035f7d648626f907a1f2c89c31fbf949d6baaab6cfc9807471993b

  • SSDEEP

    393216:29Yi2Vlj87dPCEGBIywq3Obs2ClFInEroXq14S2in8hAZk18kArQKuBN:29Yi2Vl8ZKEGBIywq3ObRqOErUlQfSe0

Malware Config

Targets

    • Target

      builded.exe

    • Size

      16.5MB

    • MD5

      42c6858db31c815c535077ea6312120f

    • SHA1

      acdccdb1f44b4faf3c46be7a86ff5e267450f7d3

    • SHA256

      9c8fe23056011bd28613d979c5e6e556ad7f891ba22ffa831afe4c28a0056513

    • SHA512

      ea6e68f955572bd76f5fa8ae5579074fc412d2fb23300085535b2ec52269ec84aed7ac9ad3035f7d648626f907a1f2c89c31fbf949d6baaab6cfc9807471993b

    • SSDEEP

      393216:29Yi2Vlj87dPCEGBIywq3Obs2ClFInEroXq14S2in8hAZk18kArQKuBN:29Yi2Vl8ZKEGBIywq3ObRqOErUlQfSe0

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other things.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      build.pyc

    • Size

      40KB

    • MD5

      ec5487b05d3233438ff21a474ea353d1

    • SHA1

      421b1446c9b32094d6d51979e21bf4cbf41689f4

    • SHA256

      a110c05c965e78a897573fd9eec2b976399f2aceeb42ae1f0eb1d3d583031290

    • SHA512

      96d916643f321e2b732e4d70d880de6fc409d4e4805d9b68b9a463bea405244334a71de762402c6cfe3601979c0d8ddd48d37da2df7e9cfb220a5c7e06342483

    • SSDEEP

      768:rxa92R/THYSyVzW7H8DsaGTHJl9RKVfGO0xsuLUS0qITrKWigpHJQqHrfWHRi6Fu:Q92VRyVzu8DEJl9oVeO0TLUfqirKWigJ

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks