blankgrabber | 0859c2df10da99ec46eb0cfb5516f0ae95ee376b0c574898bd78d6310dcd4c22

Sharing

Copy URL

Twitter E-mail

General

Target

HMC 2.2.0.rar
Size

196.0MB
Sample

240709-px7lmavbpj
MD5

7058f56bd8afc8bd06509d5e4a339925
SHA1

6f7434dea0295962d003f627faee056c33a43705
SHA256

0859c2df10da99ec46eb0cfb5516f0ae95ee376b0c574898bd78d6310dcd4c22
SHA512

5c009747f25daea1c6eb20860b931171516bd6dc512df46a611b26a7361f598c3858002d67e6d77e064336de0d8cae0ba88f570b259b63f6b232cd0b2cb92682
SSDEEP

3145728:IQXy6mpG7JKqeLeMtV66VIawDUHaJUcrYwC1n7fqHqGgr8DTPC+car7PDre3nyP:JXy6bMl+0wDJZ5Cl7KWWvre3yP

Score

10^/10

Malware Config

Targets

- Target
  
  HMC 2.2.0/DotNetZip.dll
- Size
  
  462KB
- MD5
  
  79c304e621ffbb4611b698dc2fb9dc41
- SHA1
  
  30413ad0c9e2f955ec43ed9dceb156edb11c419c
- SHA256
  
  46103e4d053be472f1c85223a43e179a5f022df14607febf6f48837473bd3e9d
- SHA512
  
  fef8764cb5f15444ef8dc6877bfd45133af019a87158c701a95c87f3297e32e27607daddbf4aa365133d60fc3f449acfa4f5c003ffd478c59d7940154d9ab5a9
- SSDEEP
  
  6144:iF4lenKdxBoW6iev7zBIL09vdGtSV41kJDsTDDpBnse6OVxLV/xgaqYN3fmxalo:iF4lqKdxBdheDES4csRBse6sfzVca
Score

1^/10
behavioral1 behavioral2
- Target
  
  HMC 2.2.0/Entropy.dll
- Size
  
  104KB
- MD5
  
  d45282966db7731687135c76963634a1
- SHA1
  
  8f217e0b15846a45f7e6e528e5f99ef425efe4e3
- SHA256
  
  68310ea51caca38b53b4ae3d5eb7a24127da4b1021c36963e77a0dacf4aeff73
- SHA512
  
  98f1035130a3126fd1613f1ab23c5328a763d56dd2b211d12ab2a17529a3ed1c2542a8f00cfa3ca7224e1d7d9e2dff378dd90a8adcd72f1566175308c038d943
- SSDEEP
  
  1536:GaQAfp1LJb4vLl8JWOKweLZjdtey2+0A1afQ9EUWtgCNC40fa:Gifp1LJcjl8JWOKweRdEykAWtgCGa
Score

1^/10
behavioral3 behavioral4
- Target
  
  HMC 2.2.0/HMC.exe
- Size
  
  418KB
- MD5
  
  7d3ebf849408d0c4b61630a7c8967571
- SHA1
  
  86d643bb5a0a37bf9197af0bf3a029f7a1cd17e2
- SHA256
  
  8ca44cb6bf54b3cb4c6348ef6f2c24360f876208c46924e244f4f6ad6a580c52
- SHA512
  
  16fb404225217bea60811bb452263db9f69fb3be76f6275c323d36fe7c09c1ee2ce9c1eba423c9514efbb74f3b203d16c4f9722747c915a0dbb505ca025b44ad
- SSDEEP
  
  6144:+t5hBPi0BW69hd1MMdxPe9N9uA069TBJPGbtc34+:+tzww69T7ubV+
Score

8^/10

upx execution persistence privilege_escalation spyware
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  HMC 2.2.0/HandyControl.dll
- Size
  
  1.7MB
- MD5
  
  f68e64637ac34443ab8fb83bbeab2bf7
- SHA1
  
  82e5a63b21f02ff3ac651a203523fb473a1aead5
- SHA256
  
  471a6ce1aff5b635df599f21cf3e4894d9e893ec9d42d733f9f5c3672bdb8383
- SHA512
  
  e41119634301244331eae3ed13b3a739e68b2a45a1f8c08949d37bce7d189687568cc19c382749ab906ef536305bd1f14d4462e2d27667af256fb047d1eb4eb0
- SSDEEP
  
  24576:qwr+FdUo+3uuobzeXEF7qpILuLUiOBqiIiGiXiIi6ioIP7cTq2b6s8uUpWGGv+dN:q1+3ubbzapdMvw0GcZ
Score

1^/10
behavioral7 behavioral8
- Target
  
  HMC 2.2.0/IpMatcher.dll
- Size
  
  12KB
- MD5
  
  66b5ee1af1d75592612e24bb1bf10072
- SHA1
  
  6a104e3338f1534a1233872574bf4e00535154d1
- SHA256
  
  318d50f35b83ec3a2f0fc339d4155c47d2d9ddf3444047934bbcdccef8167e39
- SHA512
  
  213af0bedef1c1e66169cce7509298b872f09e56972781ab3db6d2884c63200ea35d6e815b28d8fa97d92a385df3a9af80bc5b0c03d416e0551a327a199fb403
- SSDEEP
  
  192:2gZAuCfvti3mt3LjCm31CLiQST1YuDIl4TWQelDoFujH8Z:lvCfvti3mxLjCm31CLiQST1YuDIVTlDQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  HMC 2.2.0/License.dll
- Size
  
  16B
- MD5
  
  26a0d549d0987279798cb6421d2ddfa2
- SHA1
  
  ad6c266dee68a51547f0baf7ac57f52d56cbffb1
- SHA256
  
  a329ce0d40e38a0126731c4f47d638995808b2afed73ec3e430909b213b232ed
- SHA512
  
  a55d1bc5537e856e0b16efe2b3b38a26cf5e020d008620c74239b7c0247bd8ba9b470e8c36fb081357c7c6f11f28640cdfa5ee3e269b47fbfc247a2f1e587178
Score

1^/10
behavioral11 behavioral12
- Target
  
  HMC 2.2.0/MailBee.NET.dll
- Size
  
  1.7MB
- MD5
  
  0b309ea2d92164c41937efc3c4a75cb3
- SHA1
  
  9ed899ea9f15c69d21b81f57d74d9d07c4d8cd0f
- SHA256
  
  7428e138a0b2a9e87f8c47076074d29e8d9ba18e07784db6d568ec15cde88bbe
- SHA512
  
  4695fc4e240e1a3ec8ec14f984c3c0191e4c265ea9b7bb44529bf54fd4365d2d09cf5110138c66896ab71512c7b7a36da0eb63202047e705375a4ea1467eb6ae
- SSDEEP
  
  24576:dDMgcE4ilhMM9XBav0OvQRka9P7mijqMaP7P:dDMgcWfMM9XBQ0Ov0mi217
Score

1^/10
behavioral13 behavioral14
- Target
  
  HMC 2.2.0/Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  16KB
- MD5
  
  1e79035fda3aa29bf70f9df1023ce3ca
- SHA1
  
  847ab97b81dd1c83ae196307b52d8ae983ec5b8f
- SHA256
  
  fc3827cfb6834f0ffa6cb76278f309a3b598ae01c751f13fbeb57886e4168943
- SHA512
  
  338550a154ce6f876e101c5d66cd78a04126ab9236c3fd1ebc124ee9db1b72f8a16f1ed6f857fb773581326ac5fc808939b7d3c9fd529123137b48ef4bf9b768
- SSDEEP
  
  384:DOJWqnwnBbNA1kq40VES2j0cX6dAl+NW2VzrdcmDqxRWeq/Ws:DulwnBhYlTVv2wK5idcgF
Score

1^/10
behavioral15 behavioral16
- Target
  
  HMC 2.2.0/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  69c1a967b27ef8657e8c6665de47527b
- SHA1
  
  34bb58f3d27335bd055d297bc52ce2146698d711
- SHA256
  
  3be4fda7b6bd04e9aeaabf973ccc952afb5c0a6aa0fa672831ca82df218df84a
- SHA512
  
  1ee211079618d3b019e0b89d984fc8fef5ad359c312104eee46ce5ddac74271f70fe0d61967e7fc325d7e0181760ca265dc547300237c32f2e35ecc14d3b7f58
- SSDEEP
  
  12288:CLnRIXzZu/3yNFCU8xF6xc8yNRaVjI3QMDajj1HiiiR8MJhBB0ihT1fWNUwHOvWG:inR0Q/3yN4U0Wt6MBCjCu
Score

1^/10
behavioral17 behavioral18
- Target
  
  HMC 2.2.0/PresentationFramework-SystemData.dll
- Size
  
  8KB
- MD5
  
  dca6f1b8644df5d0890a7dbc6411e86c
- SHA1
  
  27066bf658df2d398aad6003ae8496dcf015a4d5
- SHA256
  
  48883bd04158c2456ea1be831b559b594fb86199c0d9618e7c3fde45a986ab26
- SHA512
  
  046020ad671d37935eb674988186eb6a8a28b093887f572a4604781be3f8fc6d9df96a00580f352789bdb7ea0f8ebaf6ee3cf13c6be5118bd1df290a3487742a
- SSDEEP
  
  192:cmBvnnwQh8N/UH6AKwBz1o5fDzupoiuhuWHsWYSW:cmVnn98N/Y6m3o5PPiu0WHsWYSW
Score

1^/10
behavioral19 behavioral20
- Target
  
  HMC 2.2.0/PresentationFramework-SystemXml.dll
- Size
  
  8KB
- MD5
  
  160928813e7cafd92bd765bdce4c18db
- SHA1
  
  85b11c0d7469a9fc8d2c297e35665b41ee73c754
- SHA256
  
  872673e0e79265978bddeb5b5c410417d553920bd373a9976a33fa1549f4b563
- SHA512
  
  6de533acef8efd4f15a0a2155279a0143f6c86d91c39a41d7683195a868e48bd1850f750d6d6c635ad33df48da5a8bd152aa5fac29534de9b22f6340cd836380
- SSDEEP
  
  192:Yy/Rs7qoQh3vcXP+dKsY1tsbCyo+hCkPd2JCWfDW:Yo4TG3k/+StfyoMCkPd20WfDW
Score

1^/10
behavioral21 behavioral22
- Target
  
  HMC 2.2.0/RegexMatcher.dll
- Size
  
  198KB
- MD5
  
  44e7acfa4b123af014f21ce4286018da
- SHA1
  
  716ac3de5015c3b5e60332e7062278a072ab743c
- SHA256
  
  9787a9a2cd79ba6fff3398e5cdc883c5ac1817c088d73fc7933f414b5d914830
- SHA512
  
  3ba06f536257131092fd5c6e3125a5b2e2ede2147564fac9eee8af71d05e57b91ad6a328938516d544f02161a62cdb2442c4bf36c1ca4ae1f264f769e6341ba8
- SSDEEP
  
  3072:L0Mw8b4aPAYD4XJfuLN8WSdEJ15Kxa8pMvr0/f72QPY4wOd7hGHqVMvskjOVcML3:HiVfSCD
Score

1^/10
behavioral23 behavioral24
- Target
  
  HMC 2.2.0/SharpCompress.dll
- Size
  
  558KB
- MD5
  
  a582e2f7ccb5875c188716b5e5bc84f2
- SHA1
  
  0f1bf79fc02262614038205bd20709dca2ceda62
- SHA256
  
  f7cf666f0bf661f63ae3a5e531516fd68ac9353471faa78443f21bfd0a5f2f4b
- SHA512
  
  76d036be7840b2e8382753a4dd745aadcb6575e8276e335a2cad9fd46793bdba786d1b32c5e08e43192ed86bb319d6706ca9ae8e061a9fdd96987fe93b0384fc
- SSDEEP
  
  6144:ZcdsAgdCvxAlzRRs3+nZgA31sKLQ6RGk6SOZ3YuK/FhLDrthTjVjTap23T7nAEzq:e1xw1sKLPRHFhdCgT7Li3Mc2Cb
Score

1^/10
behavioral25 behavioral26
- Target
  
  HMC 2.2.0/System.Buffers.dll
- Size
  
  11KB
- MD5
  
  0bfef61b203054f6fbf08419ffe3f018
- SHA1
  
  ed9d0418507630996eb2c473ec5daf11d185c2c6
- SHA256
  
  d838c40848daf87743e96d42f8db18bb66a0b27cff5a48926a85a61c2d3e05b9
- SHA512
  
  4e848c56e79a7df025bf2fe2879dcff5718e0f81d804e82c658fa319233a0431ec60955ce3fc3ed4dffb9a823ba770dc6383e88c97316cbf263c7ea8f55dd051
- SSDEEP
  
  192:CpsZpZD2wrM771vOC9yXOfcgSQfAxRyMzwWvYWJea:/rMdp9yXOfPfAxR5zwWvYW8a
Score

1^/10
behavioral27 behavioral28
- Target
  
  HMC 2.2.0/System.Data.SQLite.dll
- Size
  
  392KB
- MD5
  
  147328def2e79a86d7335a661eecc051
- SHA1
  
  98ff30131d77cf28807d50b97cc92cc8655e235c
- SHA256
  
  7442d48a24c1747cb17d80e95c4d7343de16e14a252484ace3be3fae55b1d641
- SHA512
  
  d26f6627f09cab90ae545df68f2df006f0beb988cfadb16f6af56a454e854a9b9c10d2ce787052b80536f9d05b7286d57e42f361f54944e20df99b3c1c49aefb
- SSDEEP
  
  12288:Omfjeeb63oRXFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5c6:Owu3oRrP
Score

1^/10
behavioral29 behavioral30
- Target
  
  HMC 2.2.0/System.Memory.dll
- Size
  
  129KB
- MD5
  
  1d3dd9fcc077e6b4f88c05b9aef53ee6
- SHA1
  
  12b33858bc84f54b8aa8dbcb5a0ec2da043a6f66
- SHA256
  
  d5235265564f0bfd23b7279d7bdccc9ea6383ed07c5d0bfdf6c99029af9a2c0c
- SHA512
  
  81ee9aaa809219c6989b648af1cd6f91d229823505ace58314bbf552a985ddbef7d8fba8703948727d92da94070834b5879ae47451fa98982cde16b36c771c69
- SSDEEP
  
  3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rc:OB8l3/aK32
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32