blankgrabber | 73844be31e3efa06d5ab2bd9ed56c5e0421ccd1078340539433efcae288827f3

General

Target

VoidNETFree.rar
Size

6.5MB
Sample

240419-aee2bsag43
MD5

acb76d1878ad30906b30efec9e28d150
SHA1

e1bba01a580f304515db2049e02dcead4c6b303c
SHA256

73844be31e3efa06d5ab2bd9ed56c5e0421ccd1078340539433efcae288827f3
SHA512

a5b239b16fab337a537e0c40f3c411172350eb21a9e9843d8038fd156292fba0e03eb9176b96491c357fdafe76fb7a5f3aa61bedece13e14a3369e2041dfdf89
SSDEEP

98304:dljiSdgbCFcrjIWl7Asq8PMXxLXmQ99s7VfXanST7a4lYA2//MQl4mF+IFHSmouU:Fc1nIX8ERXFfs7VfKSH2/fpF+IFHWFlL

Score

10^/10

Malware Config

Targets

- Target
  
  VoidNETFree/API.exe
- Size
  
  6.6MB
- MD5
  
  07fcda5e8c88548ab30e7a26b0304d8a
- SHA1
  
  b6abf49f34ab1465cd6f671b2148e5ddcaa2f152
- SHA256
  
  0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458
- SHA512
  
  cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92
- SSDEEP
  
  196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj
Score

7^/10

upx spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  VoidNETFree/VoidNET-free.py
- Size
  
  5KB
- MD5
  
  16475f875c7f4ed14695f5391faa15d9
- SHA1
  
  b64555b39f5af802d97b0ce6f355f74955fbc57c
- SHA256
  
  6375ef8cb3ae01d101b2be93b8a65bd7c57c648de728323c5ce87b26f2764b39
- SHA512
  
  da48367a93b50c038ec65c5bc961ce9b04ad915ce8d70ccb416cd06a0f50862ab997d7bd9b2270c94e6b71219fe699807247c7108a00b39f5ad4b740a2efceb0
- SSDEEP
  
  96:1j6e5CbhLIvhHltidc91WV0mya7FeGQ+YZAoUD3jhn:t15CbhLSRll18B5oUD3Fn
Score

3^/10
behavioral3 behavioral4
- Target
  
  VoidNETFree/VoidNET-starter.bat
- Size
  
  312B
- MD5
  
  a151263c8baca70903618db739413eb0
- SHA1
  
  76c56db74239c2189634c2ba3972ba84429e42aa
- SHA256
  
  5b6cff4d753884e5a47059babbffe6d54aac0383b481d2ed62e65ae2824dd88a
- SHA512
  
  f56c16d753ed1fc35aa96426bd4d0463e13479051c6e26ae6afd89d3352905448b8be212e7d05ad4c3ee3bc14a80d2271b51aae499a00d31400429651486072f
Score

7^/10

upx spyware
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6