blankgrabber | 3c9105d0c851b8cba35908d00707e447198b04e85995e48c92077b2e7b24b9c0 | Triage

Submit
Reports

Overview

overview

Static

static

PEYSOHAVX.exe

windows7-x64

7

PEYSOHAVX.exe

windows10-2004-x64

8

Sharing

General

Target

PEYSOHAVX.exe
Size

8.3MB
Sample

240603-lzj2kaag3t
MD5

491c23ecd3104bd6b27952da53d3ba38
SHA1

a29458cb6006528b1f1792dcd56ce631f0a2e332
SHA256

3c9105d0c851b8cba35908d00707e447198b04e85995e48c92077b2e7b24b9c0
SHA512

b72886c24b051441f187ce825ddbc5ca23afdf0650027a7519e40cac1131023efd71d561730a4f7232a21c40c5fa87ba7d75fed7221bc63d9cd5743925d7fd89
SSDEEP

196608:Mrzi0cDeTIE0OiLjv+bhqNVoBKUh8mz4Iv9Plu1D7A7:kieU4GL+9qz8/b4IzuRA7

Score

10^/10

blankgrabber execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PEYSOHAVX.exe

Resource

win7-20240508-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

PEYSOHAVX.exe

Resource

win10v2004-20240508-en

execution spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  PEYSOHAVX.exe
- Size
  
  8.3MB
- MD5
  
  491c23ecd3104bd6b27952da53d3ba38
- SHA1
  
  a29458cb6006528b1f1792dcd56ce631f0a2e332
- SHA256
  
  3c9105d0c851b8cba35908d00707e447198b04e85995e48c92077b2e7b24b9c0
- SHA512
  
  b72886c24b051441f187ce825ddbc5ca23afdf0650027a7519e40cac1131023efd71d561730a4f7232a21c40c5fa87ba7d75fed7221bc63d9cd5743925d7fd89
- SSDEEP
  
  196608:Mrzi0cDeTIE0OiLjv+bhqNVoBKUh8mz4Iv9Plu1D7A7:kieU4GL+9qz8/b4IzuRA7
Score

8^/10

upx execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

executionspywarestealerupx

© 2018-2025

Terms | Privacy