blankgrabber | 60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1

Resubmissions

28/09/2024, 21:15

240928-z38e8azbpc 10

24/03/2024, 05:13

24/03/2024, 04:50

24/03/2024, 04:43

24/03/2024, 04:27

Sharing

Copy URL

Twitter E-mail

General

Target

slotted_DO_NOT_LEAK_LOADER.rar
Size

8.0MB
Sample

240324-e29xfacd4z
MD5

a7804bf3bf7a47566ec0f05625940687
SHA1

8172737195dccab632224c333f6b70db8904e8fa
SHA256

60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1
SHA512

eaa2a7908f6cb6de9c830ae4efa685624960ddc991d2178142b70fc84acf6451bc8f970105be774ebfbecfcc57d38c8ab1e4e9a42257c195b7fb0d1e73c15dd0
SSDEEP

196608:7EIIN3ruklDH2CPWDxxO9Hcrbhvj2UEh5s8uMvHTQfgo92skMazlb:7E3hbVPWdg9HcrbljsvHpossXa9

Score

10^/10

Malware Config

Targets

- Target
  
  yeno slotted so sexyyyyyyy.exe
- Size
  
  8.2MB
- MD5
  
  def8840241246f7ffd84e685fd112df0
- SHA1
  
  0fe476723a584a4af31db476916b6b7b7103ced6
- SHA256
  
  677d8b0da2b7f4df529b45f5546b4778ee052f8deaa55972690078547e111fd7
- SHA512
  
  de06a20842be32d8a14fd8861d6f141f74055f736660899fec3f792115f9a76b41252ce4381b4cd1ccc3f41f7925f1fdb7a7ce982438c100b9a1f94ac88bd560
- SSDEEP
  
  196608:fjP+sxfN+/urErvI9pWjgU1DEzx7sKL/s1tySEQAkjUWlRH2WR:7XxfE/urEUWjhEhn01tv392WR
Score

10^/10

evasion spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2