blankgrabber | 60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1

Resubmissions

28/09/2024, 21:15

240928-z38e8azbpc 10

24/03/2024, 05:13

24/03/2024, 04:50

24/03/2024, 04:43

24/03/2024, 04:27

Sharing

Copy URL

Twitter E-mail

General

Target

slotted_DO_NOT_LEAK_LOADER.rar
Size

8.0MB
Sample

240324-fwdgqacf3z
MD5

a7804bf3bf7a47566ec0f05625940687
SHA1

8172737195dccab632224c333f6b70db8904e8fa
SHA256

60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1
SHA512

eaa2a7908f6cb6de9c830ae4efa685624960ddc991d2178142b70fc84acf6451bc8f970105be774ebfbecfcc57d38c8ab1e4e9a42257c195b7fb0d1e73c15dd0
SSDEEP

196608:7EIIN3ruklDH2CPWDxxO9Hcrbhvj2UEh5s8uMvHTQfgo92skMazlb:7E3hbVPWdg9HcrbljsvHpossXa9

Score

10^/10

Malware Config

Targets

- Target
  
  slotted_DO_NOT_LEAK_LOADER.rar
- Size
  
  8.0MB
- MD5
  
  a7804bf3bf7a47566ec0f05625940687
- SHA1
  
  8172737195dccab632224c333f6b70db8904e8fa
- SHA256
  
  60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1
- SHA512
  
  eaa2a7908f6cb6de9c830ae4efa685624960ddc991d2178142b70fc84acf6451bc8f970105be774ebfbecfcc57d38c8ab1e4e9a42257c195b7fb0d1e73c15dd0
- SSDEEP
  
  196608:7EIIN3ruklDH2CPWDxxO9Hcrbhvj2UEh5s8uMvHTQfgo92skMazlb:7E3hbVPWdg9HcrbljsvHpossXa9
Score

7^/10

upx spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  read me.txt
- Size
  
  18B
- MD5
  
  04d18e8ef087470e6f7be84c34ea6ce9
- SHA1
  
  cf7eb1b02669ed150ab7a408de5bbfc3161cae06
- SHA256
  
  fb3f7d634536a67083339e7790edc3e5e067d1e5e9e143f12d25a6f649dfcada
- SHA512
  
  ea3ec3bc733107f859dec64a06d7f0ccf01615a9fbb9ea32bed6a7682422dcd71c9f3556a7da23218f6fbc0a2e46aec5e978c5cda48622d1f15f26be8a88fcca
Score

1^/10
behavioral3 behavioral4
- Target
  
  yeno slotted so sexyyyyyyy.exe
- Size
  
  8.2MB
- MD5
  
  def8840241246f7ffd84e685fd112df0
- SHA1
  
  0fe476723a584a4af31db476916b6b7b7103ced6
- SHA256
  
  677d8b0da2b7f4df529b45f5546b4778ee052f8deaa55972690078547e111fd7
- SHA512
  
  de06a20842be32d8a14fd8861d6f141f74055f736660899fec3f792115f9a76b41252ce4381b4cd1ccc3f41f7925f1fdb7a7ce982438c100b9a1f94ac88bd560
- SSDEEP
  
  196608:fjP+sxfN+/urErvI9pWjgU1DEzx7sKL/s1tySEQAkjUWlRH2WR:7XxfE/urEUWjhEhn01tv392WR
Score

7^/10

upx spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  �U�ۻ�p.pyc
- Size
  
  1KB
- MD5
  
  97efde9af96f3a98a5662f06bb39e287
- SHA1
  
  651a13c37685833f6e4550348b060c976f68fe6c
- SHA256
  
  30b75cfc566444263927949470969c4c1fcdad05792dcdf31fc9946369072595
- SHA512
  
  4d74e296901bc4e8a1ef1d2b6c0dcf03b85ce3cb2a2d360eef2b68457d6b07a0fea0a9c93904422db1465f6c3cfd6cb657050003e41f5cdccab1ed3f877dd55c
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8