blankgrabber | 4d3284aa833c482ec2bbcb0028d8a42c7a3f47149e93c2d0ae96922e2f326862 | Triage

Submit
Reports

Overview

overview

Static

static

FF GOLD.exe

windows7-x64

7

FF GOLD.exe

windows10-2004-x64

8

Resubmissions

26/09/2024, 11:47

240926-nx2jyaydpf 10

26/09/2024, 11:32

240926-nnp5jsxhqf 10

Sharing

General

Target

FF GOLD.exe
Size

7.4MB
Sample

240926-nnp5jsxhqf
MD5

b1051d78ee9ce097984d89a14dbe6b25
SHA1

1202ed95096058b4f508cddf8cedb83ebe312173
SHA256

4d3284aa833c482ec2bbcb0028d8a42c7a3f47149e93c2d0ae96922e2f326862
SHA512

43b8d710cd1ad959775f3df6ac92ad2bc3222f69e1f2878a887f737bacbb15e669e96eaf07e10e10dbafb9f9cf7cd932d7ff041ee88cc602caad04735579e091
SSDEEP

196608:onYS6vbTOshoKMuIkhVastRL5Di3uP1D7g:uYSeHOshouIkPftRL54qRg

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

FF GOLD.exe

Resource

win7-20240708-en

windows7-x64

10 signatures

600 seconds

Behavioral task

behavioral2

Sample

FF GOLD.exe

Resource

win10v2004-20240802-en

discovery execution upx

windows10-2004-x64

8 signatures

600 seconds

Malware Config

Targets

- Target
  
  FF GOLD.exe
- Size
  
  7.4MB
- MD5
  
  b1051d78ee9ce097984d89a14dbe6b25
- SHA1
  
  1202ed95096058b4f508cddf8cedb83ebe312173
- SHA256
  
  4d3284aa833c482ec2bbcb0028d8a42c7a3f47149e93c2d0ae96922e2f326862
- SHA512
  
  43b8d710cd1ad959775f3df6ac92ad2bc3222f69e1f2878a887f737bacbb15e669e96eaf07e10e10dbafb9f9cf7cd932d7ff041ee88cc602caad04735579e091
- SSDEEP
  
  196608:onYS6vbTOshoKMuIkhVastRL5Di3uP1D7g:uYSeHOshouIkPftRL54qRg
Score

8^/10

discovery upx execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

© 2018-2025

Terms | Privacy