blankgrabber | ae96e2a9ff45303355dafa810a0d107be03983c63135ddcb9a7858f8a44be049

General

Target

Logger.exe
Size

8.2MB
Sample

240928-y2f4xaxejg
MD5

fa3bd7cef60c36ea2ac3bcc6f0e61c17
SHA1

64880a1b435eb4dcd5a04d9f63b56755eff4afd1
SHA256

ae96e2a9ff45303355dafa810a0d107be03983c63135ddcb9a7858f8a44be049
SHA512

09ae6841dbd42216f9264fb9d58fe667c98e3d0f6fad210ccfefb548565bc8af7fa395f11ff04519dcdca26bb540ea9a6aad4575bee40def8fec783f31f9e4c2
SSDEEP

196608:/rcccEzRHRrIpLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEZNkfWHio6+95Wk:ms+L+9qz88Ck+7q3p91JmN8M+95Wk

Score

10^/10

Malware Config

Targets

- Target
  
  Logger.exe
- Size
  
  8.2MB
- MD5
  
  fa3bd7cef60c36ea2ac3bcc6f0e61c17
- SHA1
  
  64880a1b435eb4dcd5a04d9f63b56755eff4afd1
- SHA256
  
  ae96e2a9ff45303355dafa810a0d107be03983c63135ddcb9a7858f8a44be049
- SHA512
  
  09ae6841dbd42216f9264fb9d58fe667c98e3d0f6fad210ccfefb548565bc8af7fa395f11ff04519dcdca26bb540ea9a6aad4575bee40def8fec783f31f9e4c2
- SSDEEP
  
  196608:/rcccEzRHRrIpLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEZNkfWHio6+95Wk:ms+L+9qz88Ck+7q3p91JmN8M+95Wk
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  r�t��b.pyc
- Size
  
  1KB
- MD5
  
  c1f3bf4c177afd25862505b23539bc07
- SHA1
  
  512a994e4f58c9952f10043e49d760ed1800479e
- SHA256
  
  7756a2403e7aaa72c5677b93a7ac59b172ede987afb6fbb9e3026e233996bc48
- SHA512
  
  63db60bd9bf51704ed80a43c83d13a32e1416399232786eeb568385b2c2dc22e983420ac275e6c57c748f839b51bdd37be42ea22fabf3e081ffccdf8b5d8ff5f
Score

1^/10
behavioral2