blankgrabber | 3c83c0b36d40cc3795715cc5be786b9564f076e89be159da6fdf12d895acb058 | Triage

Submit
Reports

Overview

overview

Static

static

5.mac_changer (2).exe

windows10-2004-x64

8

Sharing

General

Target

5.mac_changer (2).exe
Size

8.2MB
Sample

240727-fex5ssybkk
MD5

191b8f8e9b3910b723fcc605190a179d
SHA1

6ac7bc32890a164d533acbdc81adc18a9c3d73eb
SHA256

3c83c0b36d40cc3795715cc5be786b9564f076e89be159da6fdf12d895acb058
SHA512

8bf85c90ef0a5da4c4c5e04501795a41f5386a82cdfd6500ec3201d3865ee599e5fc1e78b58f83b63497a5c90f1d5089db5605556c7572ac4a1fbaa697b1ec85
SSDEEP

196608:DIA9V+GurErvI9pWjgfPvzm6gs/SEjE14A3:04jurEUWjC3zDAa04A3

Score

10^/10

blankgrabber collection defense_evasion discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5.mac_changer (2).exe

Resource

win10v2004-20240709-en

collection defense_evasion discovery execution upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  5.mac_changer (2).exe
- Size
  
  8.2MB
- MD5
  
  191b8f8e9b3910b723fcc605190a179d
- SHA1
  
  6ac7bc32890a164d533acbdc81adc18a9c3d73eb
- SHA256
  
  3c83c0b36d40cc3795715cc5be786b9564f076e89be159da6fdf12d895acb058
- SHA512
  
  8bf85c90ef0a5da4c4c5e04501795a41f5386a82cdfd6500ec3201d3865ee599e5fc1e78b58f83b63497a5c90f1d5089db5605556c7572ac4a1fbaa697b1ec85
- SSDEEP
  
  196608:DIA9V+GurErvI9pWjgfPvzm6gs/SEjE14A3:04jurEUWjC3zDAa04A3
Score

8^/10

collection defense_evasion discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

collectiondefense_evasiondiscoveryexecutionupx

© 2018-2024

Terms | Privacy