blankgrabber | cba9d3c5665bbfaf8ca99be66a252cbdca2d70cb6e7bbf701be5c29ce8b5f169 | Triage

Submit
Reports

Overview

overview

Static

static

Zai Public... ).exe

windows10-1703-x64

.Gm��I.pyc

windows10-1703-x64

Sharing

General

Target

Zai Public ( RUN AS ADMIN ).exe
Size

6.9MB
Sample

240929-1pe27asarj
MD5

e3e56dfc58ac982d68a6663d14739a76
SHA1

8cc3f324d96875ff2379f36bb6cf7c83380c0eee
SHA256

cba9d3c5665bbfaf8ca99be66a252cbdca2d70cb6e7bbf701be5c29ce8b5f169
SHA512

0f0c195215ced4d22bb87d63dca0429f146bba946766af29cf579e31f15e0339a13b88ae1de8232b01f8fac4889b969ac439272373af78130b5e493197f940b8
SSDEEP

98304:zzvITBgZRaamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzQZs5J1n6ksBnrNAM3:zjI2eNlpYfMQc2sJhn6ksVR

Score

10^/10

blankgrabber discovery evasion execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Zai Public ( RUN AS ADMIN ).exe

Resource

win10-20240404-en

discovery evasion execution upx

windows10-1703-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

.Gm��I.pyc

Resource

win10-20240404-en

windows10-1703-x64

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  Zai Public ( RUN AS ADMIN ).exe
- Size
  
  6.9MB
- MD5
  
  e3e56dfc58ac982d68a6663d14739a76
- SHA1
  
  8cc3f324d96875ff2379f36bb6cf7c83380c0eee
- SHA256
  
  cba9d3c5665bbfaf8ca99be66a252cbdca2d70cb6e7bbf701be5c29ce8b5f169
- SHA512
  
  0f0c195215ced4d22bb87d63dca0429f146bba946766af29cf579e31f15e0339a13b88ae1de8232b01f8fac4889b969ac439272373af78130b5e493197f940b8
- SSDEEP
  
  98304:zzvITBgZRaamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzQZs5J1n6ksBnrNAM3:zjI2eNlpYfMQc2sJhn6ksVR
Score

10^/10

discovery evasion execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  .Gm��I.pyc
- Size
  
  1KB
- MD5
  
  702e2438d176714695684d82d2d05a8e
- SHA1
  
  32eeab8b5d5f42e0b86c9bcab35c1b5209770c76
- SHA256
  
  62fc4b257d760795bcf849e353072452581fd6fd4ccb6616717e53537a3e7b9d
- SHA512
  
  7da33ed13e5b4d95c8f658f2075207da91561940c64d96662558c229b73262b017584d103312864538f6fd35c756164030fd76180e2cd7f733aedf4ce4e2a309
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionupx

behavioral2

© 2018-2025

Terms | Privacy