blankgrabber | 95c56da417b0c65b2b581e43e97c73a259627362f268f2a5bdb94fcbedfe88a4

Sharing

General

Target

EzPing.zip
Size

16.8MB
Sample

240929-2r89gstgqn
MD5

ee0276dae009d8d1951f0397539088aa
SHA1

50e7bbaf27efaee9fe7ee4617428ed5d213b1320
SHA256

95c56da417b0c65b2b581e43e97c73a259627362f268f2a5bdb94fcbedfe88a4
SHA512

0d3ab88428585a01fa91cee789484d62836f2738f1403f0b01fd1e9a1da3141d9d9092e40c986d922afc522d71131d5ec1211c47b38805ed4eae9d38d137f38a
SSDEEP

393216:J/bjgFUfRL/AYIlHUorwazHF2JIxLrRg3plynswazHF2JIxLrRg3plyni:J/fb5L/IOUwaQJE23MswaQJE23Mi

Score

10^/10

Malware Config

Targets

- Target
  
  ez ping/EzPingFiles/ControlzEx.dll
- Size
  
  244KB
- MD5
  
  37dbeb3e804d61cefed67d1a60dde873
- SHA1
  
  31fb981cc429cd24066363160e49c85fd74df8db
- SHA256
  
  f15d89d9720eedb94c09b1db32ca6a514e9eff2906da91396ffd7f877714911e
- SHA512
  
  7279e2354a9e1a583098bc9f6ff9ec05bb2b526ca151265d4c8c2bb42edd15b3d157425bc76e01b9f0e03cb1c87cb46bc94f9a1f47dc2a79daee784d6122f3fa
- SSDEEP
  
  6144:M6bRKhjsomR8PpY82VG7gP2rxp+7vVNviPF1WANK+5/:M6Yye9
Score

3^/10

discovery
behavioral1
- Target
  
  ez ping/EzPingFiles/Dia2Lib.dll
- Size
  
  57KB
- MD5
  
  be6474b726207994decdc22e84936a3c
- SHA1
  
  ea1d16f16de16b29a576a1b5cc4baa31bc5db9bb
- SHA256
  
  6c4cac68010fe032218efe5e9fcf46eef9f77bfaa5f3bd33f03c5ff77d5a8fac
- SHA512
  
  d204240213a0b509101ae3c9b691e9f6a141946cf3284244f56314183c84d24c1cdaa28661444fb8e1dc018e24f8aae4505c35f9994e368032a9913c9de8ff59
- SSDEEP
  
  768:MQMT4Q3O9ymyKJcy3Xs3y4rV50sds8SzUwHhvoVi+CLr0:dQCye14oGs8SNhgVVAA
Score

3^/10

discovery
behavioral2
- Target
  
  ez ping/EzPingFiles/EzPing.Core.dll
- Size
  
  37KB
- MD5
  
  2f94f2263d597a6bd778dd481c5cacc2
- SHA1
  
  1149a8c2dce3f7929bf68be0fdbdc704237432b9
- SHA256
  
  eafe28022485a6ba87922c88d34cce2f07edb4a4437787aaaac3b5fc1cba6b12
- SHA512
  
  dda90378f55794446d87ce7cf32121e50dab876e2f732aff598b7fb381814aff88bdeb9eae78bc31a06b92f0f6898b400ddee49e731b36701063e4ca81e86157
- SSDEEP
  
  768:c5Hae8DOd0TZIVEvj2QG4XkHRGEwD+3JbvlVnV+/4ulR2:c5T8DOd0TiE4HRGE53Jby
Score

3^/10

discovery
behavioral3
- Target
  
  ez ping/EzPingFiles/Ezping.exe
- Size
  
  5.8MB
- MD5
  
  8cfd471e70105ed5968a6e06d981a68f
- SHA1
  
  82404cb4d8ea53b922d1cdbc988f17860b735f9e
- SHA256
  
  05b1092ed811c5825cb29b66ae20830d14b596f1ed3b07e18b9820a0f5f2a872
- SHA512
  
  3a5f2cf5630c7845357f89b8d209db52e83018a8a32944f5e6ad82be530c5c70619d4dddf2d4d918318240309421b08ce57e790f623298eaeff4123031a7114c
- SSDEEP
  
  98304:QumDSr7vcRHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6nNet3I:QumD6vcRHvUWvozWOxu9kXwvdbDlA033
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4
- Target
  
  �.��a��.pyc
- Size
  
  857B
- MD5
  
  5d85a02eaf54e67fa1af99fc727b298f
- SHA1
  
  3e6c1527f5c0a8b468ef682ac1af125703cec53c
- SHA256
  
  050eba53f980d28db4aa7a210bf51c16ca023360328b765aa7c020392d63089e
- SHA512
  
  e86f18de9b08ad80922d39a0689c2adaed4e19c0ae91515e19adacb9a73460beb0d245ce2116c2969961b991099082342728f960ff01ebacb6fadf30ba24e051
Score

1^/10
behavioral5
- Target
  
  ez ping/EzPingFiles/Licence.rtf
- Size
  
  13KB
- MD5
  
  ded7630c6e7a7d643ea2af6ca348b5a1
- SHA1
  
  ad8b28a55ddb0783b2083eedb1b5bbb13e65d4f5
- SHA256
  
  bd217f0b16b9a98bd3582261eb2b2b8628d1ae74d6949a496a37c89caa039315
- SHA512
  
  7555af974333dfada3d90abf37f9bf610e31d1abc4a45898fa8b274c42122901048a9ec49fd03c7b7eb86b42743c05f1bc7bbbce2105df22bb7a5332cbb1d154
- SSDEEP
  
  384:q5dfUUi0cMUFavWKZ/3X+uaKd29u0nQwJXh2:qPGhcvW0fNsA
Score

3^/10

discovery
behavioral6
- Target
  
  ez ping/EzPingFiles/MahApps.Metro.dll
- Size
  
  3.4MB
- MD5
  
  4c6ee8f47105a84521fc4b30165c9454
- SHA1
  
  cd378771c395e0de6c3087f9a37a9c8a51387c76
- SHA256
  
  7d73c79b4bcf30c079da8fc9e8c520e79247241a74956b13b6c36dc2290ecc88
- SHA512
  
  c99f99427ae5058ede11bb1c8a176c84ae7d04ef55e46aa58fe0734e6f4aefcc1ab026c97df65789d020601de9d9fa530cee6e26b57e478dcd18a21b58bc00bb
- SSDEEP
  
  24576:fHk2ZORG3QU7qDL2PtBLhM7RU7R2/8QcVRt6y:fHk7G3pdmRU7R2/8QcV1
Score

3^/10

discovery
behavioral7
- Target
  
  ez ping/EzPingFiles/MaterialDesignColors.dll
- Size
  
  295KB
- MD5
  
  0b3fa388485ac78ef83d1221ba6693b7
- SHA1
  
  19c8555dbe8566b91a0344658422bac8f5933e6b
- SHA256
  
  9fa38197eed5ca1fac2d056fcfd2767a74648bc836725d255477b251567badb6
- SHA512
  
  4969bd704128cbc091bb40f8575690c7479fe2b54048009c6eeb91c1f1a0100d58195d62243712f6fc1d4dcbb4d227596e09e81c45de0b1c7d656ccba65a2d5e
- SSDEEP
  
  1536:EBuHdH8tB0AyG1iW0BcGgHYiBN03U7fKoVxb8S6E45tps0B6IxcE+G09qSoowoO5:JVrAtVXt7fKoVxb4l
Score

3^/10

discovery
behavioral8
- Target
  
  ez ping/EzPingFiles/MaterialDesignThemes.MahApps.dll
- Size
  
  108KB
- MD5
  
  f7a3e92bd33086309cd964d6bf750682
- SHA1
  
  14e358b9f26e5b008be1de5ae45fc040848a700d
- SHA256
  
  a39891261ee3d9635c5a6aea7f7976557f1954f745ecfe7a0cd41d8e7e339a49
- SHA512
  
  d1bfad365eeb5504442cf4ae48b8a104c41f02c7239f0bfada69932453d0ce8d8aa1f4b7afc1ec218641e322c8ddaa674d1d02119a5fa80ce8d921edaccf3137
- SSDEEP
  
  3072:tqEwPEuc26hjmDRHqkXslLTQPTC0X/ACNS85L5c5P5JFiZr/wbNkLkckPkJ4H4wm:m7DRHqkht
Score

3^/10

discovery
behavioral9
- Target
  
  ez ping/EzPingFiles/MaterialDesignThemes.Wpf.dll
- Size
  
  7.8MB
- MD5
  
  5cea9e8224b3b065bd872e6a319c4afc
- SHA1
  
  ff39e380d646042bb2dcb3f00b753532a5a327de
- SHA256
  
  9b24e7377cf03ed93cd76c4e11330e2c67cc42e2875a97fa50b9a036a005f75d
- SHA512
  
  7ac8e8f4c5de5b6b376315960235fab7199da8118cadf5d49adb03ce22c891311a0e614cb037c2282161ae33257fb460e0bc51deb4468f5d2f2a028274fa832f
- SSDEEP
  
  98304:aXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCR2fShTy:knJ45/9iD54+V11bFv4z
Score

3^/10

discovery
behavioral10
- Target
  
  ez ping/EzPingFiles/Microsoft.Diagnostics.FastSerialization.dll
- Size
  
  51KB
- MD5
  
  bd15bd3c87e0a3ba1f161af2e4afacc3
- SHA1
  
  633dc309175b117bb314ca32a99ad91192b88c37
- SHA256
  
  9b2b2c19ae32072344072a40c6b16842077a19bac04294b2b5f32281913fe95f
- SHA512
  
  0c53d140e0226b5bb85d481a6f9d005ee429af1d7df8a216c7bcc464cc4b08ca4102d84f51c829f0e90894ef37d75989422dac38f61c632acfaeabb13c740938
- SSDEEP
  
  768:UaGaPH2h2VgElaeKE/D/bjHU1rAe0Ly0JQdAiC1MklkraWzmSOxVzVDFHpze686a:fPuEjKE/DTjHI1skraWapJpzZ5vc
Score

3^/10

discovery
behavioral11
- Target
  
  ez ping/EzPingFiles/Microsoft.Diagnostics.Tracing.TraceEvent.dll
- Size
  
  2.9MB
- MD5
  
  6c530ce9c11c3ec95a2ea25c53fe844a
- SHA1
  
  9d6b194bc1bfab2f0176f65110b13f4c39d4fab5
- SHA256
  
  011bed2efa854fe5ba2a36190de5a65f3bd6008603508a1b950f078ed96bbc71
- SHA512
  
  5692235c4a5acfcb99c2923f3ff67929a88cde1df275a145e377fbdbcb1f74e6aaa5cf0866b500c5a59554ced2723d9a33e8097c918fcda82140c752c8f067b3
- SSDEEP
  
  24576:eq4mZp30/hUhpfW8Xt+beEyb70fSU+asFx9yPKbrftpUW:Fvo2pW8uvSU+as/9y+
Score

3^/10

discovery
behavioral12
- Target
  
  ez ping/EzPingFiles/Microsoft.Expression.Interactions.dll
- Size
  
  89KB
- MD5
  
  6a3b9e46c41e42e7b8e1479468d892af
- SHA1
  
  e31c05ae685e51d07808b1dd24ceced9d299ed81
- SHA256
  
  f3b14defbd05493b8573016b08b86e5b5d53b486b0457fd75f67bf8bff04be38
- SHA512
  
  d6416204875ce732edac51e36f267c9cca52f60ba79cd981b388988e435bd1cce87f972a9e90be4fd9a7fd25cb316293f938f45fb645f25a4f62b980a37236b7
- SSDEEP
  
  1536:Srf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEy:a5GttWHXEUx5r65LxXshk8JDIWP
Score

3^/10

discovery
behavioral13
- Target
  
  ez ping/EzPingFiles/Microsoft.Xaml.Behaviors.dll
- Size
  
  141KB
- MD5
  
  6b93b0f937d04d39172f9cd61fe58fd5
- SHA1
  
  54fb26f8b4f11d01573fd1c6a1b532af2b37d687
- SHA256
  
  ff75938fedee596706171916db763ac100bc7164a7346dd739ad61660e068b5a
- SHA512
  
  d3b7bbb09842984147b8dc849ef7467c3927cd8730ccfcc310d6d46bf3070e826d7a1cffc43a2ccc33d5d8521ea07d2c19d766b127fafc71edcf288db187df1d
- SSDEEP
  
  1536:CClZTaFPgnGNXRhJbyC35MilASMJmF0bapI2hJWq1dwpUgcacykfwtQsxspzSUMj:CCPmFPD950+dzR1decbMn5TX55r4j2
Score

3^/10

discovery
behavioral14
- Target
  
  ez ping/EzPingFiles/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

3^/10

discovery
behavioral15
- Target
  
  ez ping/EzPingFiles/OSExtensions.dll
- Size
  
  31KB
- MD5
  
  46fef5782e8928537e82ba86e2348fd9
- SHA1
  
  7d3cb921b426075cac1b94f8616cc6f689894f99
- SHA256
  
  8cee77653448156d7fdf2ce8371ca830f3208321c77fe3e224ed58adaac406da
- SHA512
  
  949b06a48bcdfd482b7f66d81b3ddd0c6d4cdcd0ee034ee2557d5e4a65dabb3a7daef76924b8c9b926bb293c002f50a7c25fb68af4af510e8572c15d9d6ae60d
- SSDEEP
  
  384:5r64fqNNQUwFEhmXB/M4wfxsFG3jqTl6KczfUG9XY1WXPXF0GftpBjBwc4HRN7Fs:5Z2N4EhmXBk4iHj4o9dY6/+iAB1Oh
Score

3^/10

discovery
behavioral16
- Target
  
  ez ping/EzPingFiles/System.IO.Compression.FileSystem.dll
- Size
  
  33KB
- MD5
  
  5e332318ebf17c621351eea927c0649a
- SHA1
  
  58df276290ec61db725101448b2f10806335b03d
- SHA256
  
  9dcd6cb04f38abf56694533a07173159360791eac3cf22795ecf28b489964742
- SHA512
  
  ce6344dab3380cb7f2fe05d35caef7610f72c3d02233e085689f6d27cd9c95a18d3783daf08b71eaf336e9dabbc56808979b9b97aad084e5887964d66997b56f
- SSDEEP
  
  384:DnZ7y2Qea+TaHwtPFeoobtwJZ+zsPZuPWpoWPOKvQpBj0HRN7lDQHRN7ok9flxIp:d7y2da+h2ooKT6MPMKvqWh81C
Score

3^/10

discovery
behavioral17
- Target
  
  ez ping/EzPingFiles/System.IO.Compression.dll
- Size
  
  71KB
- MD5
  
  7d8bd04c191153fdb8d48de9aa584d53
- SHA1
  
  2269b11d9d882e3e033952170d1122ffecef84b9
- SHA256
  
  a90bda198d65c72d7526ba0483b5b23de961a1152cdda8c9feb695cd19d8b6d1
- SHA512
  
  ead9e2cc0a51cce89496773cf5ec6d4eb05a6ab3549f7c4242167b79b12bbcdb40bf93173ea6acc81ba8b691317b8725c88709f0fcb8f0e1b775009dbe30dad7
- SSDEEP
  
  768:PTAt3k9DQxML+cGCAqOqX4O2eRXtKdUD1GZSLagcOMwqfG/aqWI2lyAbe5D1aEv:PTA+DQaPGCxV2eaSLSKqfG4bzbWj
Score

3^/10

discovery
behavioral18
- Target
  
  ez ping/EzPingFiles/System.Net.Http.dll
- Size
  
  200KB
- MD5
  
  6243b50b07cdd14d260680ce5d0872b3
- SHA1
  
  d85a6450bae0bcf9c80f498a49bf60c556674386
- SHA256
  
  bab8785a6656f202b4153c887f5f19fa0075afafe728c24af50bd24342e76f75
- SHA512
  
  a3dd79cc1dda248b8ebee949cd375da99ac46eee6d93adb2172e63ae051fa295ead63b1846cafbb922c92367afbc43cef74c3c64cf095a01cd84eabef53f4b1c
- SSDEEP
  
  3072:VzS560/yk/J3HssPqqGLgl+zX3FKZzSzvG7mH28dZOjc/Ar6M7Ro9UY8sfM117wx:VqJ3HssPqqGLgl+zXkZzn2/y1Ux
Score

3^/10

discovery
behavioral19
- Target
  
  ez ping/EzPingFiles/System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  23KB
- MD5
  
  d9e308fe5f1ac35ce823964288da1ba5
- SHA1
  
  b23c26aa1739d02ba4216cc5b80a47fd1251ab41
- SHA256
  
  1ad2dd7225d5162a0fd3a3b337a1949448520e3130a4bc8e010ec02f76097500
- SHA512
  
  22768d92838a0061435520faae7ab9a8747050776dd1aca00ff874a51be2119a89876c41c1b540dc60354b2741540e1ca88e8e447d81e555ee535a5b92f8ea06
- SSDEEP
  
  384:/qTO1PdhW1YWxvHcWVF0GftpBj/Ic4HRN7sIB6lQg:/q6PSzD+ilIBsr
Score

3^/10

discovery
behavioral20
- Target
  
  ez ping/EzPingFiles/System.Runtime.dll
- Size
  
  37KB
- MD5
  
  469b0b8f124b0cd3bb4154820e7a6e4e
- SHA1
  
  695d5d9bf7238f39ab08bcfe2dbbf7a6095f62af
- SHA256
  
  5527ea385f5f46ef317221cc68b61dcae41892b7b45d8cbf6453b7e920fbddf9
- SHA512
  
  75a49560ddf4905964f787da98baa81d5d9809f71b8411f2ad12807e5c65aa645cf0ca1a12170d7e02f8b04a4e23013ca9edece4425acfb2dc52e6ce66ab1e4e
- SSDEEP
  
  384:km6A7ixuZtMWC6g/dW0WyXWrSVeQpBj0HRN7Rw7k9flxIDbHRN76Pol9Zu:Pl4vHUqWRNcbe
Score

3^/10

discovery
behavioral21
- Target
  
  ez ping/EzPingFiles/System.Windows.Interactivity.dll
- Size
  
  39KB
- MD5
  
  3ab57a33a6e3a1476695d5a6e856c06a
- SHA1
  
  dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7
- SHA256
  
  4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876
- SHA512
  
  58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92
- SSDEEP
  
  768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo
Score

3^/10

discovery
behavioral22
- Target
  
  ez ping/EzPingFiles/TraceReloggerLib.dll
- Size
  
  22KB
- MD5
  
  63d53278de054ac54da51d94d2bc0c9f
- SHA1
  
  66eefa94909b3d8e2ed0f1d366c27d9b261c1a7b
- SHA256
  
  6830c0f1d3f3c17719181e73dd5cfa8ccbb3f3c575329d2120576545103467b5
- SHA512
  
  45aafdc6d20f6eb49f149e6c5fc3930d78d06169c95ab87f7b2aefb13cda1e9072ce7bf5d9d7a07483972ba9d87f7ee98fcf6cd543fa44c46fad49d0a9fd516f
- SSDEEP
  
  384:PoMeAKyr1jSC6JW1m0GftpBjyMi5aQHRN7vzslD161Y7PW:PoMbKK1OBQVidi5LL10W
Score

3^/10

discovery
behavioral23
- Target
  
  ez ping/EzPingFiles/User
- Size
  
  3B
- MD5
  
  e7adf44e5ebfc04643ef4363a9f05826
- SHA1
  
  9dcc0ba98b6c1c754631e3296379992e5882d820
- SHA256
  
  dd388cf1ce23c5b381aeb28068540a0553d197435c6757c4248c406448b83cf7
- SHA512
  
  aead06fc1ca031e17aeaac53a1f6ba4b9db5ac6b069864715d4ac16205b070a866d42bc8ff599db62790cdfba705f9a5f76a71f004388d3ba9c49798cbf469b7
Score

3^/10

discovery
behavioral24
- Target
  
  ez ping/EzPingFiles/de/MahApps.Metro.resources.dll
- Size
  
  10KB
- MD5
  
  b693c893e465588635111d6ffe2642c7
- SHA1
  
  5aa4cd35d5b43249fb2528154284d8a9db0b9b69
- SHA256
  
  a30635748b3a38350617aca01838f7ae401256c8f41c182b6f83b42296864a2a
- SHA512
  
  a6c675784dd8a1fdb1520d7b6edcedfa7a59524fbbc776dcc21a8f78eb8231d1c6240d12c3d9ed8399354e27c8bdfac35e9eb7c0b461d6b3e172948e74522332
- SSDEEP
  
  192:kiHGzDcHtDpvhpzcPWg3TUHfBo+6IhF0DY2ACkVtW/lRODhQkBp3ySNUt4PUgsrZ:kiH3HtDpvhpz03TafBo+6IhF0DY2ACkk
Score

3^/10

discovery
behavioral25
- Target
  
  ez ping/EzPingFiles/debug
- Size
  
  276B
- MD5
  
  ab2786ca885533734f500b065fa9844f
- SHA1
  
  685f2ee166c6097618e5f6de5da73b36abd6e399
- SHA256
  
  a99b74699f7476fa27b317b180070e091589a6b7851c0622e1efeb398c970dac
- SHA512
  
  c01a2a8a8362841f9c8cff7c8ae3859aa3b4449f5409e0424195d1a8cfe92372c49be02fc8ded13c09dc0e8522824ab01abb969f8b5fb50c26242e956898d0bf
Score

3^/10

discovery
behavioral26
- Target
  
  ez ping/EzPingFiles/instal.log
- Size
  
  9B
- MD5
  
  73329564760013a7824ff9d5d1af91ff
- SHA1
  
  85841abddb12dc3591a5990c6527df65a5e63c87
- SHA256
  
  a51a6c19a1ffc7416827e89adf20749d23ad42452c396cf7e627409f2896922c
- SHA512
  
  344b1271efcc084b24e4e75223f1a900ec127c1e979aeab32bfed887712388a7ceeb8bd9e70d5c1721ac6dd1e64d640ec973f9ef16d6f0f85e6870e53edab00a
Score

3^/10

discovery
behavioral27
- Target
  
  ez ping/EzPingFiles/msdia110.dll
- Size
  
  1.0MB
- MD5
  
  adc43f950589b8f44a01470db994e57f
- SHA1
  
  cf7ccce7f2db431df90d8dbfc5200c55d026cd4b
- SHA256
  
  c849b3dbeb8e63f35038356f0a3e53a4116d7acad67599ca668b2bb136fe3720
- SHA512
  
  15d430762ff867f50f221285f19394453553e460169355dc0c2c44a7499d33960b7b153a36c5bce54599c4ac6c7f072576d07d040f1be396bdb8687d15e2cac1
- SSDEEP
  
  12288:YgyupQeL8wx8XhiaMQUjEAdwATQessvmp5ukkgr5yeYcc5eFN1pxxVwHBNiERH:YgyuGMzjEAdwAUpBkJeY15k1VwHBNiE
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral28
- Target
  
  ez ping/EzPingFiles/running.ico
- Size
  
  20KB
- MD5
  
  9ce024299d680feea22ca4457d2d5a9d
- SHA1
  
  4d4b69c179e322d8aac38fc78f2f07f262aaa618
- SHA256
  
  34ae05b0c5a665156a3d55bcdbcc400c9973c88bc9f6ce691c72ce59ef7d6212
- SHA512
  
  64c3d10963d749a9af6aea25a44b2c98ae9ca9b00b5e2abdfa4a0354fd2399d06cd3d864d1addc33d305e6ed181f3c4bd600f58282b734c2c4fff881b00b3570
- SSDEEP
  
  192:zcxAAAAAAAAAAAIAAAAAAAAAAiAAAAAAAAAyAAAAAAAAEac/fd9aj4vfxwZUu5Ak:fc/yjGfxw+Kkw1A8
Score

3^/10

discovery
behavioral29
- Target
  
  ez ping/Ezping.exe
- Size
  
  5.8MB
- MD5
  
  8cfd471e70105ed5968a6e06d981a68f
- SHA1
  
  82404cb4d8ea53b922d1cdbc988f17860b735f9e
- SHA256
  
  05b1092ed811c5825cb29b66ae20830d14b596f1ed3b07e18b9820a0f5f2a872
- SHA512
  
  3a5f2cf5630c7845357f89b8d209db52e83018a8a32944f5e6ad82be530c5c70619d4dddf2d4d918318240309421b08ce57e790f623298eaeff4123031a7114c
- SSDEEP
  
  98304:QumDSr7vcRHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6nNet3I:QumD6vcRHvUWvozWOxu9kXwvdbDlA033
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral30
- Target
  
  ez ping/User
- Size
  
  3B
- MD5
  
  865dde951b4047f5c3b7825cf1149bc0
- SHA1
  
  d6d361c68b9c90097a4447b489a8c0012cb3f88f
- SHA256
  
  38c81313227b275594042a8ad5f170483768dd93df3f64f9093fbfec668bcb7c
- SHA512
  
  bffa0499d4a4ea87d02737b416e61c0775e3f9639dd628d4e3b9a6e29704225be5b596519f1fda508cc07445e127f7c5b193a058222e1683e6718735f32c45a1
Score

3^/10

discovery
behavioral31
- Target
  
  ez ping/debug
- Size
  
  65B
- MD5
  
  fa407834f64df733c50c8fcd4615c35e
- SHA1
  
  236a015abb3107b0cb12e122655ad67ae743f5d0
- SHA256
  
  245fa0bf5cf2d0fe8c239dd2395ca393fc1ebb800f6d15be9ecf3ce8e3c5d405
- SHA512
  
  436dc3ec0aeca86294834295cc1a18e6e1d9568ca99aca12660477cafda39cb65b8716182ba3f340bd1b5beaaf3581a6f8092bc4657a9496ae070f6978b29778
Score

3^/10

discovery
behavioral32