blankgrabber | 23f5c5cab3ddcb54202a229c8d64dc1fe66aff31e4de3f518fe9c9948f8e0cc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Vast_2.zip
Size

61.0MB
Sample

240429-eet8gahc79
MD5

08214e81916398e491cdde854bf5b844
SHA1

0dfba16708455a30a5a2a7e7f7da95a7647707c1
SHA256

23f5c5cab3ddcb54202a229c8d64dc1fe66aff31e4de3f518fe9c9948f8e0cc9
SHA512

f07a717f47dfaf080c9ad6596dac815be29c8494fafc16ead1423fcab3fd66b86a93ae7da93049c67e6aefc1545288b036911b492cf61480d04718819bff6fe5
SSDEEP

1572864:9rJvzYLuli+T045k2PyAJWlQyeO5uWvvZtaTyCKqQr:9r1zWulZTTdULfveWC4r

Score

10^/10

blankgrabber evasion pyinstaller themida trojan upx

Malware Config

Targets

- Target
  
  Vast_2.zip
- Size
  
  61.0MB
- MD5
  
  08214e81916398e491cdde854bf5b844
- SHA1
  
  0dfba16708455a30a5a2a7e7f7da95a7647707c1
- SHA256
  
  23f5c5cab3ddcb54202a229c8d64dc1fe66aff31e4de3f518fe9c9948f8e0cc9
- SHA512
  
  f07a717f47dfaf080c9ad6596dac815be29c8494fafc16ead1423fcab3fd66b86a93ae7da93049c67e6aefc1545288b036911b492cf61480d04718819bff6fe5
- SSDEEP
  
  1572864:9rJvzYLuli+T045k2PyAJWlQyeO5uWvvZtaTyCKqQr:9r1zWulZTTdULfveWC4r
Score

1^/10
behavioral1 behavioral2
- Target
  
  Vast.zip
- Size
  
  61.0MB
- MD5
  
  6feb03112c3f3b03e1032878d5a658ad
- SHA1
  
  f0d101854d5ba435dd024e14a5db3ea985537331
- SHA256
  
  5073bec9a49167c26e5e6a419d86e10c8b83648fe9c643f22a7704d6ec71f887
- SHA512
  
  5aed09e5e3f17e7d32a3608fb0ba718fc64a210d10787422c5245269fb4cdf3813ca862db3e53bc5d2a9f0bccc03ae8672e78a38c25d613a0b22837551cc5762
- SSDEEP
  
  1572864:uIuZCs7N6RcCMtfqO6+mWllh/gVlO/6vnPRj80Imgk7H2nUrm13c:ulnN6RBMtiO6i9Ii/6vJjpImgk72z13c
Score

1^/10
behavioral3 behavioral4
- Target
  
  Vast gen.zip
- Size
  
  61.0MB
- MD5
  
  85c5cf74603f78747443587b66b06726
- SHA1
  
  c6057d4c1f2152bb8c12cafa1ad340e54c49b336
- SHA256
  
  ab68b23b8436e8030484d467ccc477ef97a2a4b1a2b737e5e594c046b293cd55
- SHA512
  
  0c18cffb7fffac88e877256a57c49435a1c0d9ab6e5cb9c12ed3554d89a19877bc6ba03d42e471a135c70dcd401a5b6c43df66d18456232ec89aada841965673
- SSDEEP
  
  1572864:QIuZCs7N6RcCMtfqO6+mWllh/gVlO/6vnPRj80Imgk7H2nUrm13W:QlnN6RBMtiO6i9Ii/6vJjpImgk72z13W
Score

1^/10
behavioral5 behavioral6
- Target
  
  Vast gen/Loader.exe
- Size
  
  14.4MB
- MD5
  
  654b91ae730fe2587ecdf8bfb7452e14
- SHA1
  
  2d7420a1b15b7e462f697ba4a44fbed8d48a14e8
- SHA256
  
  b5d40fd46874b97c031e3538f0ccdb16fa950391b45aa4eb48bc107eeb6bf15e
- SHA512
  
  2bd94f096aa1cfcf197194e959b6e2d7d86717b0f1cfcc32c2af8bcfc11f8ff7099a77adc6fe9a8284866a9229bc474caa858f6710b6809e3f42de6c8fe8fe99
- SSDEEP
  
  393216:mFrstQnlmhDYSZaEiJvDbrApkFvkqu/Fqyf0gstvAKU:mFrUMohDYYa7UpkHu4vuR
Score

9^/10

upx evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral7 behavioral8
- Target
  
  O��`��.pyc
- Size
  
  857B
- MD5
  
  88470027c5db8da7dd81122a0876d893
- SHA1
  
  c26edf341412e537bba905f2f4aa7baa4dfff2a6
- SHA256
  
  3a4c7aa1017d8275e51b040f3b9a5c0051c1a9abf416102d97bfe8de93f7020b
- SHA512
  
  97b75cfea3a454046a4b3300957b0d1934615bd3c6cc361e377dce87ba17d87397de42a063b8bf2a4e26780ac67094a06f925613b91d592800534a18497af082
Score

1^/10
behavioral10 behavioral9
- Target
  
  Vast gen/VastGen.exe
- Size
  
  39.3MB
- MD5
  
  9c5ff43c0f29ccd9e0a5682565e6e45d
- SHA1
  
  800574f0a4dfadcba94340c3d64a3e00fdd3ddce
- SHA256
  
  edb0f506950965f4af08ce445f137360129f061624a96424ecc19e70c20c3fb8
- SHA512
  
  f05a09e26dbe21a16cd33fde937b24dfccc820273886bfee5dcdec033588d6d576fa1eedceb673aa2aad0177281bff737a90ede22d814cd8132835b964ba3b55
- SSDEEP
  
  786432:DQtsgYVHiRyc0KaU2j6+s7LWB75zuk2F5F0nC9/JqrYEap9WMNmBHqeU:DQtCVHLc0KaU2qHWB75ikKzZ9p3p9WMV
Score

7^/10
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  main.pyc
- Size
  
  29KB
- MD5
  
  678169bd01b910630167a66a1bb70667
- SHA1
  
  138998ba4f3d5ddffabbee4db8d9059e53e820ad
- SHA256
  
  158d2975b2ad1775818107c054a971aa4e9d0275539d02042b3b1ee5e5d808a7
- SHA512
  
  88b40c640cc4a6c17c6653dadd7914b3d519f7c3ceee91c013acc8b89ef71a3e5e3c65ec3b604d65409dfa7477ffeb8a300cb2fdc6185f415b7e78f618d90c29
- SSDEEP
  
  768:K3qgS8iXB8eHegdkplKKljOd0CY52RwhHzW:K3qX8itddkpMKAdhYjhTW
Score

3^/10
behavioral13 behavioral14
- Target
  
  Vast gen/config.toml
- Size
  
  2KB
- MD5
  
  3a8c65068ef3ff95f0156441f1248d87
- SHA1
  
  7c22187466ad1651d5941192bcb0e509d225f92e
- SHA256
  
  ea0ac1cb9307212811bc56fc14f4acff3c19ed8fb8db55963d462c0b300ddb3e
- SHA512
  
  d4eec3ecff254390aa4fdd0585a5d54fa5c50f153335a2e53bb6347c8e9ffedba91ab11151d4b0a9c3a73a8d47972fb69986cbc43448fd9e7d5a8feffaf8eb95
Score

3^/10
behavioral15 behavioral16
- Target
  
  Vast gen/crack.dll
- Size
  
  4.9MB
- MD5
  
  69723359992ce5115d9b42638cc002e2
- SHA1
  
  72a48b2a1499a1588c9b9f3802cac8b2c672203f
- SHA256
  
  60c9cf09e8a9c2b2226b7088caea9ec876bfc9cdf890391bd05232114073dc9b
- SHA512
  
  598ca6dedf80c30eaea5a74b309f739b16a833bcaac00489b9d7bc97d4dc858023f2bcca60b3dc6374292c0bff1a082540bb9a3217da90381834cc8dfa664b91
- SSDEEP
  
  98304:+SyfeXYCYOJ0fn/XqE/1Y7UN3HGuHWGUKxEbem/4MBNDfdmjLdGGf:+SyKkx/e7D8WtbeY/LC
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral17 behavioral18
- Target
  
  Vast gen/data/bios.txt
- Size
  
  46KB
- MD5
  
  cb5f043b18850391fe2f1e4a56a38ebe
- SHA1
  
  c736a16f4fb749acdf7296b742e5c88daaf55f5c
- SHA256
  
  46d7d7b45ddcb96dbcc9173be9d2203b7afdd46798c2c2a6edd0d0842817fb74
- SHA512
  
  8e5f55670adf96cfd268c8e8efc8295e10c2a8cca3c381f7cbc80b0730be3078963c161500c1fc18073af738d7950879245e0d68895acb01bcf16e1977398b71
- SSDEEP
  
  768:BbMjZ4WxaisvnDo9L3e8SvaCsCLBX3qH7PAc59jn2PQ5d:BYjZ4WxaiKnDo9Lu8S53Z387PA8n2PSd
Score

1^/10
behavioral19 behavioral20
- Target
  
  Vast gen/data/proxies.txt
- Size
  
  957KB
- MD5
  
  e081c82c98cf7a8498f7682f91df7307
- SHA1
  
  14294fdf1ae92e4572c18668feb5c3bb182351ed
- SHA256
  
  42c26d7b01243256c86bb7294f7f0c64c51e83f2e3a5847f6a7a69e028f177d7
- SHA512
  
  95784fc37fc08dc2db899366e42eed974c923b91cb9568ca3da97af13c0fe81084f922053711e911aeac283b7c49ecc25d48343288f79b1d66d51402d2dc8680
- SSDEEP
  
  3072:ikw9bs3XZmcVzni+sxPsmcllhBmVCLeYDSmW8S:ikwts3XzVzni+CtVGDxW8S
Score

1^/10
behavioral21 behavioral22
- Target
  
  Vast gen/data/usernames.txt
- Size
  
  8.2MB
- MD5
  
  080e4f2554e1f7eb9f7fa4f4fbf59a3a
- SHA1
  
  7e46fb6d5cb053e4808a285c056d2246c076a1e6
- SHA256
  
  7d54721afa018d835ae7ec2ce96cb2f1240d14325683d14d2f3b31dd88ee17db
- SHA512
  
  e5d8c43a7df8e25890050e894a69a953cb7ea6ec56e817967679738eff3f7da99a10fa3730653a434c828164ed5b0cb2c0b5cd42fd9656eeb4c3aaf23e354294
- SSDEEP
  
  49152:a/GZ2z3hup05wWj1FtRUIH3/6tlESTbyA2T4Lj3LnPbEMWvu/l8k/YB0fw+oME0y:wdK1SZWKs1Q
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Virtualization/Sandbox Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallerblankgrabber

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

evasionthemidatrojanupx

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24