blankgrabber | 3b5869397c4daaf4badca0590254e90e09d3e25373524d2952ae815432b35338

Resubmissions

22-08-2024 01:53

240822-ca4v1asepb 10

22-08-2024 01:52

240822-cafs6sselc 10

22-08-2024 01:48

240822-b78d1ssdke 10

Sharing

Copy URL

Twitter E-mail

General

Target

BootstrapperV1.16.exe
Size

7.5MB
Sample

240822-b78d1ssdke
MD5

d07874e5e697293369d47f6727787711
SHA1

50b44591caf4de65d9abf7b6c9b4e1b3ffab549e
SHA256

3b5869397c4daaf4badca0590254e90e09d3e25373524d2952ae815432b35338
SHA512

2aff151b97d1928375f02175e28dcc24fc293fdfa0f44fa3b5a114914c378fce54af54bd96802063470b10ede717715547488c9695e8e33990a51043b375643e
SSDEEP

196608:mHhByurErvI9pWjg/Qc+4o673pNrabewyzWGPMYnN9s:KyurEUWjZZ4dDLIeTzWGPTNC

Score

10^/10

Malware Config

Targets

- Target
  
  BootstrapperV1.16.exe
- Size
  
  7.5MB
- MD5
  
  d07874e5e697293369d47f6727787711
- SHA1
  
  50b44591caf4de65d9abf7b6c9b4e1b3ffab549e
- SHA256
  
  3b5869397c4daaf4badca0590254e90e09d3e25373524d2952ae815432b35338
- SHA512
  
  2aff151b97d1928375f02175e28dcc24fc293fdfa0f44fa3b5a114914c378fce54af54bd96802063470b10ede717715547488c9695e8e33990a51043b375643e
- SSDEEP
  
  196608:mHhByurErvI9pWjg/Qc+4o673pNrabewyzWGPMYnN9s:KyurEUWjZZ4dDLIeTzWGPTNC
Score

10^/10

upx discovery evasion execution collection credential_access defense_evasion persistence privilege_escalation spyware stealer
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  loader-o.pyc
- Size
  
  1KB
- MD5
  
  8358a3f101bf92a60a415708dac86567
- SHA1
  
  65c56453a4244b1df554ed62893a9b1a9440c6b8
- SHA256
  
  640cb2aab4823221445741e72b36b792a21780cd39cec6de960d0175e651b7ad
- SHA512
  
  dc1afe637a7942689b3400326e7af731a0c32d608ab76ec47f480c949a143fd22e32a9a231e28d4572bad4bf17b31fee353fb4d6866541ed23244ab54e3a397f
Score

3^/10

discovery
behavioral5 behavioral6 behavioral7 behavioral8