blankgrabber | 24f6663b40ab3d9eac774d94bfc8755d77ed2cc40fde44a88195f2bdad34a77e | Triage

Submit
Reports

Overview

overview

Static

static

Msi lite.exe

windows10-2004-x64

8

z*�[.pyc

windows10-2004-x64

Sharing

General

Target

Msi lite.exe
Size

6.0MB
Sample

240927-1y6lhasaqp
MD5

74cf6f212ec845f440eb7699bc09264b
SHA1

f9355d6a92ec9d98cc2903cc2067b3b35254eaad
SHA256

24f6663b40ab3d9eac774d94bfc8755d77ed2cc40fde44a88195f2bdad34a77e
SHA512

c701de0d58d707bd3c30465d8931ae5b84a66c5044598dc952a761b68d2178891f75152b40d381d00aa00757288bd8c330f0face48b2efc6cdb03a92d4d06089
SSDEEP

98304:IpEtdFBgYamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RuBMba3r8q:IoF0eN/FJMIDJf0gsAGK4RuubHq

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Msi lite.exe

Resource

win10v2004-20240802-en

discovery execution upx

windows10-2004-x64

18 signatures

1800 seconds

Behavioral task

behavioral2

Sample

z*�[.pyc

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Msi lite.exe
- Size
  
  6.0MB
- MD5
  
  74cf6f212ec845f440eb7699bc09264b
- SHA1
  
  f9355d6a92ec9d98cc2903cc2067b3b35254eaad
- SHA256
  
  24f6663b40ab3d9eac774d94bfc8755d77ed2cc40fde44a88195f2bdad34a77e
- SHA512
  
  c701de0d58d707bd3c30465d8931ae5b84a66c5044598dc952a761b68d2178891f75152b40d381d00aa00757288bd8c330f0face48b2efc6cdb03a92d4d06089
- SSDEEP
  
  98304:IpEtdFBgYamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RuBMba3r8q:IoF0eN/FJMIDJf0gsAGK4RuubHq
Score

8^/10

discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  z*�[.pyc
- Size
  
  857B
- MD5
  
  ed19167f2d8067a95bc295d81cddfc28
- SHA1
  
  382eb12b4b40294ee5586c3329364635934159e5
- SHA256
  
  92b3db8164cf0e43d4ea97e4ca65393dc67bd4016c96c831cc310cf9d966382e
- SHA512
  
  8e9c4efa472d5bbc5e41f139c1865d4abc8bc93dc55cd48924c60ee823fbc95fa222d944231bdfd6f32465555bd50ae03f9070f5f462b636e322fd493c5dda4f
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionupx

behavioral2

© 2018-2025

Terms | Privacy