2ff0bfc262e42dcfda448caaaf1fccf91f110ec0efc721f69285441ff2187517

General

Target

Oak-Grabber-V2-oakgrabber.zip
Size

26KB
Sample

240406-l532mafh4x
MD5

eb7ec47bed8a050be4c9d2c795d9e523
SHA1

a8c090b241249d6ed905e2531469bca2c0621d92
SHA256

2ff0bfc262e42dcfda448caaaf1fccf91f110ec0efc721f69285441ff2187517
SHA512

bdf32cc8e2c368bbe103f6e51eb27132a3d5b705105bb9f5a1a6e71cb94a1677525afbf0aa2d32a7e2d23ba0b843a73e863df5323ee97239767b563a04fc332c
SSDEEP

768:dwE1iKacXkAlHGwWtjlSfAAywOkcnXkx+I5VGctRY4slAF78:dwE4PikAQXpoJOZS+yoczY4slAFo

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Oak-Grabber-V2-oakgrabber/README.md
- Size
  
  2KB
- MD5
  
  934f09b67fac997e357241298dbc273c
- SHA1
  
  ec2accf532d7c1e919a581675bdd2ef0abc1aef1
- SHA256
  
  8d9b4b4f23caa65c3e03a8349425c475a9b1852e698a9a765e0c31e7ae866c9f
- SHA512
  
  d47b81d93dba289f16b5954cea503b1d2634f553a18eb12ed1931face4b6f5ceebd90bbf16d2d0b1eee3bd15b68fc6fd20c7aa54e073fb7febe593372fccfd98
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1
- Target
  
  Oak-Grabber-V2-oakgrabber/builder.py
- Size
  
  11KB
- MD5
  
  c9b42ecb36f5b9939c6286235970fadd
- SHA1
  
  89c362bf4c49ee59eeb32b3c820ae8d6bc3669a1
- SHA256
  
  8e999bf8fc8fd05e0facd70ac15751d9a39b723395f86f4165c92949500cae61
- SHA512
  
  1e4761628bbb4cbff42a23470cca4d689a7c8d410b2f14bdf8b12cdc60468434c1fdc27e4f5a3e30a9a4d36fedcf767cf2ddef409f40cddcb4f340ec49427918
- SSDEEP
  
  192:567EzEegg6U/EnE1iBINgvq135qbPq32OJmIy1Rl/XW6Wr7VJ:567EzEegg6GEElgvq1JqbPq32OJY1DbG
Score

3^/10
behavioral2
- Target
  
  Oak-Grabber-V2-oakgrabber/install python.bat
- Size
  
  878B
- MD5
  
  c38def437985f5a8bf0c2bfca5b4256d
- SHA1
  
  aee4ed8c80b3635864ebba27afed6527cfcba8c3
- SHA256
  
  855351b89743424c024807943d79c267b91992d0d4074811789817694d1c6a72
- SHA512
  
  a563213fcdf36b9e10b293c7ce3c553c47d87d3ead4c36cfcf0fb1968f91294e23f4e27010d481adc5b25fe733ad7b9c0214a76dbdd9383253609347c99a8fbd
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
behavioral3
- Target
  
  Oak-Grabber-V2-oakgrabber/oakv2.py
- Size
  
  82KB
- MD5
  
  e8fca238762699a6ef5ba420afaeccbd
- SHA1
  
  0a603ae7a06fed50d4f72e6557ae9f3c2d48c8df
- SHA256
  
  4c466e78d6db8a80e59790f0c724deee02f68e40fd2c14abeb10222615d807b5
- SHA512
  
  ac6580eb86de173cf70cf565d78332f5de69064384d5ab30a083bc780358b0d5e0110668da670b1120d855c512e770310ade49dfd5cb4c50614a8120c6f96ab4
- SSDEEP
  
  1536:KDGTan6ss0n84iZY7I2vWw4PZF1Y3cO+vKbkiPCiJ0R+kZGMx:KDVn84iZYk2vWjZFu3cO+vKbkiPCLQ0
Score

3^/10
behavioral4
- Target
  
  Oak-Grabber-V2-oakgrabber/requirements.txt
- Size
  
  87B
- MD5
  
  66c9d82383e94ba110cfba4fadf698ce
- SHA1
  
  6293a4c4f7c59999a8f68cdde542b4666394ee5c
- SHA256
  
  41c1878e95626ca4bd444c1da4cfc51b4762a4890cbb1e9edbcfe5d96dce71e0
- SHA512
  
  147316ce8e2aed5c8dd61fc1ee251b02eb7a601029cc90c0b20e799face0c16832202184a94f60d0450864e849685f1236c3bb30119b9da505b7a5e8750c853b
Score

1^/10
behavioral5
- Target
  
  Oak-Grabber-V2-oakgrabber/setup.bat
- Size
  
  279B
- MD5
  
  589f71a831ec1828a0fdb2317c0f4a20
- SHA1
  
  b2df9b55d97c976f24f2abe2063b25342f7055e3
- SHA256
  
  061704f8f17abd57f92c3b158bcea2ec83b9c971265b2513aee8219814a89ec6
- SHA512
  
  70e3b11515e17e7f26a78a9e7a88838c549867a79e8efce39986fc4da7d315111368da243f4026819bcc9b33e800fef88d444dc44bac6691b4eef5d53d328977
Score

3^/10
behavioral6