blankgrabber | 5e731882e3fc973da923cd68052f1036c07cf6e1e97265f5670b13b344ec0b6a

General

Target

CC_generator.rar
Size

13.7MB
Sample

240526-h7n4psbb6w
MD5

e1d8a5f7a5041ec4e660196c101dcc6e
SHA1

dfb1954f411249874e14b2109557a24e6d860053
SHA256

5e731882e3fc973da923cd68052f1036c07cf6e1e97265f5670b13b344ec0b6a
SHA512

bda03509cbe95fc48b0bb2a7de72c49ee52d3eb9edde9953d3e79a59ba5d7a4baf0e41210198927d566738661a86c2a02a8e65c2fa85ac0749ab7945244e6e76
SSDEEP

393216:J6UUVLJ60VpNRW9sJFyRhuYiqlB34qvij9dhXkYLfYk0JZm8jjd:axJyDufGB34KskmEJgOjd

Score

10^/10

Malware Config

Targets

- Target
  
  CC generator/PLEASE READ THIS!.txt
- Size
  
  1KB
- MD5
  
  2fe7906cf3bf9aaa65c078f5c539a310
- SHA1
  
  0cba9c3dece710921c7ceca361bcc7df5a7e63f7
- SHA256
  
  4849eeba57aaaef08700ffd6384e359b2640e8c956468dc69e69c9e78842bf86
- SHA512
  
  2da6bc7d2a63a5c7482a74def4ec86d02dcc81496a4d9da9cff6b2fac5206e6dc1b6f5c0702c0feaa5650776bb9f44a52cd7acdbf19e3cf48fa60ff25c6c8ab4
Score

1^/10
behavioral1
- Target
  
  CC generator/Zeo Gen.exe
- Size
  
  13.8MB
- MD5
  
  e401b8a0ff33bbd9fac216a4dcc58dc8
- SHA1
  
  8ec49af3c3efa518b5f0b8e35f1bbc9503567d35
- SHA256
  
  8ea82f3c6f29a82aaaec3a35f4cfd9227d532446a651947a3033c5ae5e8510b9
- SHA512
  
  73236c79c1ba371411dfede0a6f6b329a52326d93cf6c75c90e32e7a162f64b68b19d64e85f7ec3424191b89e2e585a25db1dc4253a204b7fe8c060963643eb2
- SSDEEP
  
  393216:0YS6kNaS/r076UJOshouIkPftRL54YRJY:0YS6kN/lUkwouTtRLzY
Score

8^/10

execution pyinstaller spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2