blankgrabber | 5c15f3ebf4dc110544d487844ff5807e64612e8122e87298fd2321d0c9a520be | Triage

Submit
Reports

Overview

overview

Static

static

KO val cra...IN.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

KO val crack.rar
Size

41.0MB
Sample

240124-2gx4gaadf5
MD5

71d846114d1241adbd70c295074aa85c
SHA1

ee04e941b2c28ae387e5429ab594c8a37d065cfd
SHA256

5c15f3ebf4dc110544d487844ff5807e64612e8122e87298fd2321d0c9a520be
SHA512

0516e9323cf8ca1838ec113b07733c64d927a19f896af8efb8ead48e536318a099d86065fae5cd45272674c54230b73109bd9e32a433a2dc7a1863167a57cc9a
SSDEEP

196608:JfUgmZJZyJA6yJ4poD2R+ByOOJMywYJQwiBaUw:JmZF6yJ4poD2oByOOJM5YJhU

Score

10^/10

blankgrabber spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

KO val crack/KO VAL MAIN.exe

Resource

win10v2004-20231215-en

spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  KO val crack/KO VAL MAIN.exe
- Size
  
  56.0MB
- MD5
  
  21ef997287b378851a2266c4efec165d
- SHA1
  
  8ec3ee00b6f372421d4cbb08d6874ea79a3272ee
- SHA256
  
  a6786e08f75b2a0503b6c1c4e098de9181102dc01da743a7b441b34d786fb8ea
- SHA512
  
  5d5a6c287c4c60420df63f3b9df4b9a38db4d94245c80ab0e039d50c1a2a82aef3e000be935582332619fa5d328fdff828dbfb2335fca9c5a87838d401c71971
- SSDEEP
  
  98304:XR6EtdFBCVamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RnOuAK4xtKy:X7FIweN/FJMIDJf0gsAGK4ROuAK4n5
Score

8^/10

spyware stealer upx
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

© 2018-2025

Terms | Privacy