blankgrabber | e1d6cf62e0d63e06f423f8778b0db3dd971a6f1d79c2e12a91b71c24ee8e1908 | Triage

Submit
Reports

Overview

overview

Static

static

BEAMER.exe

windows7-x64

7

BEAMER.exe

windows10-2004-x64

8

k%F'�%}.pyc

windows7-x64

k%F'�%}.pyc

windows10-2004-x64

Resubmissions

02/06/2024, 17:43

240602-wa3sgsaf96 10

Sharing

Copy URL Twitter E-mail

General

Target

BEAMER.exe
Size

8.2MB
Sample

240602-wa3sgsaf96
MD5

fac5d776ed2c44d3b10bc81bd4dd97ca
SHA1

7e3ccd514f1578cfc2ab2a4472677adf18d0c784
SHA256

e1d6cf62e0d63e06f423f8778b0db3dd971a6f1d79c2e12a91b71c24ee8e1908
SHA512

db27c160b1dd300db743c10e2b8f4de39734c7f537eea3b198ca8e32ff2b61368bb3ec01aff460a31206e1e0b5c12ae94b809a1846bdff4dcbdffc1b1977cd19
SSDEEP

196608:+rITCEzRHRrIEbWLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEZNkfWHio6+95WE:CslqL+9qz88Ck+7q3p91JmN8M+95WE

Score

10^/10

blankgrabber execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

BEAMER.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

BEAMER.exe

Resource

win10v2004-20240226-en

execution spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral3

Sample

k%F'�%}.pyc

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

k%F'�%}.pyc

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  BEAMER.exe
- Size
  
  8.2MB
- MD5
  
  fac5d776ed2c44d3b10bc81bd4dd97ca
- SHA1
  
  7e3ccd514f1578cfc2ab2a4472677adf18d0c784
- SHA256
  
  e1d6cf62e0d63e06f423f8778b0db3dd971a6f1d79c2e12a91b71c24ee8e1908
- SHA512
  
  db27c160b1dd300db743c10e2b8f4de39734c7f537eea3b198ca8e32ff2b61368bb3ec01aff460a31206e1e0b5c12ae94b809a1846bdff4dcbdffc1b1977cd19
- SSDEEP
  
  196608:+rITCEzRHRrIEbWLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEZNkfWHio6+95WE:CslqL+9qz88Ck+7q3p91JmN8M+95WE
Score

8^/10

upx execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  k%F'�%}.pyc
- Size
  
  1KB
- MD5
  
  66891d5b3fc11c86a9aa238d78d8ef14
- SHA1
  
  37bb4705a61cbd66620b44e124bc56adc3494f2b
- SHA256
  
  04bcd85994068fd0761d9ab9330bf879ff5536b259e7a254004c71568df3ed29
- SHA512
  
  362f1050604aa26f0af29f54702d0207b8e051a88341a83796b253d6b6f341589843f40841875d2e8cb78a181854d75b12f07021c6547a85cff305ee7025bad8
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionspywarestealerupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy