blankgrabber | d33fe2a172d41b4411ae08c0a77769146bc3d36cb07befb0b25b3b39ffe981c9 | Triage

Submit
Reports

Overview

overview

Static

static

spoofer.exe

windows10-1703-x64

spoofer.exe

windows10-2004-x64

7

spoofer.exe

windows11-21h2-x64

7

Sharing

General

Target

spoofer.rar
Size

5.8MB
Sample

240427-k28bhaga3z
MD5

e557338a66e1cbdae8ef7177ee6ac564
SHA1

1a38301126a19fc35a398325a3e78bdd295d1b00
SHA256

d33fe2a172d41b4411ae08c0a77769146bc3d36cb07befb0b25b3b39ffe981c9
SHA512

5384c36328e156fe8cd466c59871b5f6daf1e14fb7bea06f6bab76d8b5e5ff8016a2b8ca1cdcc687aac985d29b7fc9a081b5dee43d8606300d27edd611872229
SSDEEP

98304:Omc5D2BrJIUBuVJrOIue+W4g4JVXWIIWKUN8AMoiz3arksoAREYAoc60Pq66y:42pnex43/WCwoibeks7REYAot0D

Score

10^/10

blankgrabber evasion spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

spoofer.exe

Resource

win10-20240404-en

evasion spyware stealer upx

windows10-1703-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

spoofer.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

spoofer.exe

Resource

win11-20240419-en

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  spoofer.exe
- Size
  
  6.0MB
- MD5
  
  51404c7e914f379cf9422e723dcf8394
- SHA1
  
  45f42f018d0b63cf6a759164e047e3688a6bcdf3
- SHA256
  
  8c64138979cd1fa9f3e8b85750f4d664a58749486d6d40ef5f67a48d3deed612
- SHA512
  
  7aa21406843915b4c4ca77d228a0ad625fc8a33b7793a9894aeb63511188f014f817357a1b011b7908140a34ed96d8fcb4902f6ada84dac36d9c4de3a2000a4b
- SSDEEP
  
  98304:HraPEtdFBg3zamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4ROBMDm238I2:Hra+FHeN/FJMIDJf0gsAGK4ROuDh2
Score

10^/10

evasion spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionspywarestealerupx

behavioral2

behavioral3

© 2018-2024

Terms | Privacy