blankgrabber | 2dc86fd9e7b5746036284768f475ea9c3268c8bfc6cd4001f9a27bb923028467

General

Target

aquaV.exe
Size

7.4MB
Sample

240726-qa5deszajr
MD5

49aa048767303db8685115ce421fa3ec
SHA1

259179216bae1ce03d880549f25de447324cf589
SHA256

2dc86fd9e7b5746036284768f475ea9c3268c8bfc6cd4001f9a27bb923028467
SHA512

f2b28a672ead669a7a133d253dfc142952055ad1579bd762a0cb75c281d79b524d30cb489d6bc7643191bce2cad1b150f47a9a632c8b804358cddee8bd6e1d1b
SSDEEP

98304:2JSi8x9XQsTurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC112j:2QP9VTurErvI9pWjgfPvzm6gsFE14A0

Score

10^/10

Malware Config

Targets

- Target
  
  aquaV.exe
- Size
  
  7.4MB
- MD5
  
  49aa048767303db8685115ce421fa3ec
- SHA1
  
  259179216bae1ce03d880549f25de447324cf589
- SHA256
  
  2dc86fd9e7b5746036284768f475ea9c3268c8bfc6cd4001f9a27bb923028467
- SHA512
  
  f2b28a672ead669a7a133d253dfc142952055ad1579bd762a0cb75c281d79b524d30cb489d6bc7643191bce2cad1b150f47a9a632c8b804358cddee8bd6e1d1b
- SSDEEP
  
  98304:2JSi8x9XQsTurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC112j:2QP9VTurErvI9pWjgfPvzm6gsFE14A0
Score

9^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Credentials from Password Stores: Credentials from Web Browsers

Command and Scripting Interpreter: PowerShell

Clipboard Data

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Obfuscated Files or Information: Command Obfuscation

Enumerates processes with tasklist

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2