blankgrabber | ee65e6d5aac07c1aaae0ece686cfe4bafedc47e35e5361a92d10eaacf437d18b

General

Target

geekcatpingreducer.zip
Size

7.3MB
Sample

240926-v6134aselc
MD5

774b39cea52663767270aaa989c78c6a
SHA1

14549726aede4491aa8c7cac1b5a8b7e9a962d20
SHA256

ee65e6d5aac07c1aaae0ece686cfe4bafedc47e35e5361a92d10eaacf437d18b
SHA512

c7521cdb850989b8c891ea38fcb0357c6be37984cc4338c41b8d2a9e73c264962a2d8ac8a19b3b3646056a549478b056a0f54af761fbe3371940acc049d988cc
SSDEEP

196608:yOtYieHwxpAfnnWvxpY9v67FxcyvIpDUXmExXKprxMjguqA:bt1eQYnWvQ9v6RxMxmmExXK1xqgu7

Score

10^/10

Malware Config

Targets

- Target
  
  geekcatpingreducer.zip
- Size
  
  7.3MB
- MD5
  
  774b39cea52663767270aaa989c78c6a
- SHA1
  
  14549726aede4491aa8c7cac1b5a8b7e9a962d20
- SHA256
  
  ee65e6d5aac07c1aaae0ece686cfe4bafedc47e35e5361a92d10eaacf437d18b
- SHA512
  
  c7521cdb850989b8c891ea38fcb0357c6be37984cc4338c41b8d2a9e73c264962a2d8ac8a19b3b3646056a549478b056a0f54af761fbe3371940acc049d988cc
- SSDEEP
  
  196608:yOtYieHwxpAfnnWvxpY9v67FxcyvIpDUXmExXKprxMjguqA:bt1eQYnWvQ9v6RxMxmmExXK1xqgu7
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  geekcatpingreducer.exe
- Size
  
  7.5MB
- MD5
  
  f8c63eca8b26883c30d2240008b07150
- SHA1
  
  ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51
- SHA256
  
  1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4
- SHA512
  
  8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70
- SSDEEP
  
  196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9
Score

8^/10

discovery upx collection credential_access defense_evasion execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  �Y��}�.pyc
- Size
  
  1KB
- MD5
  
  9562d12fc250d1d080aea194195622d8
- SHA1
  
  917af341da025e0ac2f9f1cd75c0c825f7db48a2
- SHA256
  
  f8c9268650b42ade5a94ca14cd29ee738a51f9f11de60c293bc90896e8656267
- SHA512
  
  a0a04bea6acd335ca9b2717141185334124a6d2f40a8bf6ea86deb0a591b23931ee29bdade93cc795d45892f8d5ecbf142ebff94eba9a902c361ea5f4d3facd6
Score

1^/10
behavioral5 behavioral6