Analysis Overview
SHA256
fc89124753f93b1b3710e8e0dcbea2267b0444ebcba7474a591d769d833e2c77
Threat Level: Known bad
The file JJSploitRevamped.exe was found to be: Known bad.
Malicious Activity Summary
A stealer written in Python and packaged with Pyinstaller
Blankgrabber family
Loads dropped DLL
UPX packed file
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-02 00:17
Signatures
A stealer written in Python and packaged with Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Blankgrabber family
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 00:17
Reported
2024-06-02 00:18
Platform
win7-20240419-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1968 wrote to memory of 2664 | N/A | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe |
| PID 1968 wrote to memory of 2664 | N/A | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe |
| PID 1968 wrote to memory of 2664 | N/A | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe | C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe"
C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI19682\python311.dll
| MD5 | bb46b85029b543b70276ad8e4c238799 |
| SHA1 | 123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c |
| SHA256 | 72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0 |
| SHA512 | 5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31 |
memory/2664-24-0x000007FEF64C0000-0x000007FEF6AA8000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 00:17
Reported
2024-06-02 00:17
Platform
win10v2004-20240508-en
Max time kernel
0s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploitRevamped.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | N/A | udp |
| N/A | 52.183.220.149:443 | N/A | tcp |