blankgrabber | cd57e487ecd13c77c9fa289607ab26ec15e5738dc1c2edef998da730ed28dee5 | Triage

Submit
Reports

Overview

overview

Static

static

Loader.vmp.exe

windows7-x64

7

Loader.vmp.exe

windows10-2004-x64

8

J�I<-.pyc

windows7-x64

J�I<-.pyc

windows10-2004-x64

Sharing

General

Target

Loader.vmp.exe
Size

14.7MB
Sample

240929-tvg1ea1drn
MD5

4a2d360263e0d70effb3257869eb8e28
SHA1

8690352b344998f444ba9f218d514a3129ef7988
SHA256

cd57e487ecd13c77c9fa289607ab26ec15e5738dc1c2edef998da730ed28dee5
SHA512

de02cb6e69d4c30f33ea11ff54452633f27a9c0b912916f265adb688c4bb40f52d8030594205a92888cdf363c44c32e4f7c136e32ad7914fc9589ed6de733f54
SSDEEP

393216:GwcR8E9z+Yb4Ben+oDe8WnJCr72B/Fqyf0gstiAKO:G/RBDy6XXW07O4vjZ

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Loader.vmp.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Loader.vmp.exe

Resource

win10v2004-20240802-en

discovery execution upx

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

J�I<-.pyc

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

J�I<-.pyc

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Loader.vmp.exe
- Size
  
  14.7MB
- MD5
  
  4a2d360263e0d70effb3257869eb8e28
- SHA1
  
  8690352b344998f444ba9f218d514a3129ef7988
- SHA256
  
  cd57e487ecd13c77c9fa289607ab26ec15e5738dc1c2edef998da730ed28dee5
- SHA512
  
  de02cb6e69d4c30f33ea11ff54452633f27a9c0b912916f265adb688c4bb40f52d8030594205a92888cdf363c44c32e4f7c136e32ad7914fc9589ed6de733f54
- SSDEEP
  
  393216:GwcR8E9z+Yb4Ben+oDe8WnJCr72B/Fqyf0gstiAKO:G/RBDy6XXW07O4vjZ
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  J�I<-.pyc
- Size
  
  857B
- MD5
  
  68eb9b334001a5a328da69439fdfb4f5
- SHA1
  
  30794a24e000241759b33f9f3f6855cef6adc0e3
- SHA256
  
  d69409923ae2489b098cb02e842a860ad896cc07e5d9a3a2eb36d77a26415b2d
- SHA512
  
  5b9601249e5715bb6f2f99c5c690d9153919c3440c11069c9dc4eb3e6a339e828ef7197e190f75e86b55db58f2e5d4c402b7c390b4b349b6d04d0846c03a1fce
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy