blankgrabber | f9114c8acb294c73aa930a8247bbb69bd0f4b59554809d781060465958983d73

General

Target

Scorpix.exe
Size

68.6MB
Sample

240725-qyahysvapb
MD5

ea6f4cf47e323f4f107e3dcb7b71ff67
SHA1

3ec17c0baf516f6466e0d4d79a408e9e3ef5bf91
SHA256

f9114c8acb294c73aa930a8247bbb69bd0f4b59554809d781060465958983d73
SHA512

c7f9104535d9accfdbff802337d17617aa1ceb267cfe0b85e1911c727acfcfbde35d5ab1d7f426cf788b71851f3d8476ce92294fcf4160119cbd812f750fbdc7
SSDEEP

1572864:WBpMrpXMJX606xXNhA6/xzcfbDKPu1JdQ5UVS1XLNu0Ck:kMNMJX/apcXkuRdVgok

Score

10^/10

Malware Config

Targets

- Target
  
  Scorpix.exe
- Size
  
  68.6MB
- MD5
  
  ea6f4cf47e323f4f107e3dcb7b71ff67
- SHA1
  
  3ec17c0baf516f6466e0d4d79a408e9e3ef5bf91
- SHA256
  
  f9114c8acb294c73aa930a8247bbb69bd0f4b59554809d781060465958983d73
- SHA512
  
  c7f9104535d9accfdbff802337d17617aa1ceb267cfe0b85e1911c727acfcfbde35d5ab1d7f426cf788b71851f3d8476ce92294fcf4160119cbd812f750fbdc7
- SSDEEP
  
  1572864:WBpMrpXMJX606xXNhA6/xzcfbDKPu1JdQ5UVS1XLNu0Ck:kMNMJX/apcXkuRdVgok
Score

9^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2
- Target
  
  �t�u�n.pyc
- Size
  
  857B
- MD5
  
  3b19c0316239d27bf716d39d70939062
- SHA1
  
  06b789389801edb7901add2c2160984a48d066fb
- SHA256
  
  d085243ce0a45329c6ee68a79d28ad1fe57b5e9581543da6ba0ac805c6909691
- SHA512
  
  862ba19364439089d0436992a8296055585a744a4dabf369461630ffb730e353e89f6823ab8a6cea3033c171af1282b14ddabfca179d81c6eb6a11bdc5da7e5f
Score

1^/10
behavioral3 behavioral4