Overview

overview

10

Static

static

10

Built.exe

windows7-x64

7

Built.exe

windows10-2004-x64

8

�&�� ��.pyc

windows7-x64

�&�� ��.pyc

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Built.exe

  • Size

    6.9MB

  • Sample

    250128-2k4enawpcm

  • MD5

    34487671e79db08be862da06447037c9

  • SHA1

    529d64f8d80dc9ef6ef8509180edc114c3aec6e8

  • SHA256

    600bb394628f04bf30c762697695f260e1ea5d24ec7eb9142181f0bb90108c06

  • SHA512

    dcc80b7cea91bad0367ea9dc11c1466de1fee468c3418afa5d3dbd538d9e9ddfe3b44f4b314e28bb3ac43d7029eedffa1fbc43ad38047b21b9cac0f6bc0d07fb

  • SSDEEP

    98304:9VDjWM8JEE1FSb4amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIk:9V0UteNTfm/pf+xk4dWRimrbW3jmyN

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      Built.exe

    • Size

      6.9MB

    • MD5

      34487671e79db08be862da06447037c9

    • SHA1

      529d64f8d80dc9ef6ef8509180edc114c3aec6e8

    • SHA256

      600bb394628f04bf30c762697695f260e1ea5d24ec7eb9142181f0bb90108c06

    • SHA512

      dcc80b7cea91bad0367ea9dc11c1466de1fee468c3418afa5d3dbd538d9e9ddfe3b44f4b314e28bb3ac43d7029eedffa1fbc43ad38047b21b9cac0f6bc0d07fb

    • SSDEEP

      98304:9VDjWM8JEE1FSb4amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIk:9V0UteNTfm/pf+xk4dWRimrbW3jmyN

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      �&�� ��.pyc

    • Size

      1KB

    • MD5

      6d71e06880e4bec0afd533a1fc7752a5

    • SHA1

      5d0723e9cf9c149de2d2431f61e43d326d9fa4fc

    • SHA256

      bc0c0df65bb9894b2c7a7b2bbb2a979bf02e3e47f64972906acad37f261e81c8

    • SHA512

      52263643315e4932fd19e369dfefe784bb9617b261636187ed9d9f0a81686b7c0ef54a3cb2d306de2284ad6ddb925492ed21a9d1db267d3a2d9125cc6647966f

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks