blankgrabber | 5a0461545da96488d576540bc526e5c1a861d09f2c73f528e3191212d2f9f1b1

General

Target

sillyboost_cracked_v1.zip
Size

40.4MB
Sample

240527-p63c9sed57
MD5

9999e496ea39c2cd016d4e893811c01d
SHA1

f1de7c2e4767d764fe46e118581f2c6908ade992
SHA256

5a0461545da96488d576540bc526e5c1a861d09f2c73f528e3191212d2f9f1b1
SHA512

a13e5a3ab1dfd2857602fd7fa8ddfa5e404b644ec057bf2bebfd38ad27628ed6080cd39254df6da4af979c800bc46fc7a4f9b8949ec70962172e645d04c43c82
SSDEEP

786432:djWwTiwq0JgcbRI3IqVCQVcZQ+iurECpdBekLw8WtYt3LFLI:dzTA0JgcbrqAQVD+NEWP7LLtRLI

Score

10^/10

Malware Config

Targets

- Target
  
  sillyboost_cracked_v1/crack.dll
- Size
  
  4.9MB
- MD5
  
  d8131fd472e3f921dca592b6c0872c26
- SHA1
  
  3be46fc189d169673e3f8779128b42f17be131d3
- SHA256
  
  e923fb5d56d8f8f7bb2f0b11be779ca5d87164c536d9f8c0c24a89b52a372c06
- SHA512
  
  9fa8978e2f6549b56cc077e8d857cbc5e106cb9da0cef976326110ce0f6dee11ca0fe72751e63d862e42cad80508a0747377e08b72cc4faaa9f614381ebdf6a9
- SSDEEP
  
  98304:bd1z1vEYCYWcv4DoirkjuQM/OMc7/2QIqLAIOiqrr8HfdmjLdGGf:bdx1vMlDEXMc7MqcIOjH8O
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  sillyboost_cracked_v1/loader.exe
- Size
  
  5.3MB
- MD5
  
  ed358d5c060320055e0a1bfce6b1e419
- SHA1
  
  12853b07f03fa86e2d859475ff16243a8216c1c7
- SHA256
  
  b7e0248552ac34bd73e2e6ac4f6b5edeb2ad27f094df41addd8e989c7256bc18
- SHA512
  
  d63c96aa4dba2684e210d7893a9b166490b674a34e4acf95b8f80df4c04284d58c23c0295d27451fa971c1cb9beff1fc499057f5afab0a1d790dab9ac8cba00d
- SSDEEP
  
  98304:V8ihICaLqaR7bM++vEeIML8+vTV6oQpSJxtN7h0w27jVGDLhM34CLCIqgFF:V5Iaa5bM3IML8+7VZ30dM584CL5nFF
Score

9^/10

evasion execution pyinstaller spyware upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  sillyboost_cracked_v1/silly.exe
- Size
  
  31.7MB
- MD5
  
  edf5231904acc98d0aa6e8dac9e6f57b
- SHA1
  
  ab01505afc25fd2286fcc52a52a12c510b298fa4
- SHA256
  
  4400e10819840cbbe5238f4cb4560ec2c5fa6dbfca6124d6065aa8df42506472
- SHA512
  
  b4e01b5e2756fae3f7872d909bcb1e26618c6713d5428af6c96d08613154f65e749840ee07c3d6ce42af974a2c6c87b2bcd90e494e2e61722a377982b7070291
- SSDEEP
  
  786432:EYSoQBHU9SuW1HMqG5qkOIRFbRBYvHjwouTtRLzx:EYSoQBD/NMqpk9FdKfjQtNx
Score

8^/10

upx execution pyinstaller spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6