blankgrabber | 8ea75f0a81dc2e19b57fcafa96df49aa643b4b4e852744280bebdd4fc24434d0

General

Target

8o2l76f.exe
Size

8.3MB
Sample

241004-sc6elszgrp
MD5

51ae5973bd23edcc1f574538e516aa00
SHA1

be090f4af4f2d5d021c90970e91d4beb2f6a7ffb
SHA256

8ea75f0a81dc2e19b57fcafa96df49aa643b4b4e852744280bebdd4fc24434d0
SHA512

acc2111f6efb193b9eae8eaa78dc88744d6cfc102679c2280094005ec25d18e04779171410d4c2300217be1dface9ae0eba012670928b71b9d797b0a5f6c7833
SSDEEP

196608:P6ggVEvwfI9jUC2gYBYv3vbWEQd+iITx1U6nr:rgVEkIH2gYBgDWRMTnzr

Score

10^/10

Malware Config

Targets

- Target
  
  8o2l76f.exe
- Size
  
  8.3MB
- MD5
  
  51ae5973bd23edcc1f574538e516aa00
- SHA1
  
  be090f4af4f2d5d021c90970e91d4beb2f6a7ffb
- SHA256
  
  8ea75f0a81dc2e19b57fcafa96df49aa643b4b4e852744280bebdd4fc24434d0
- SHA512
  
  acc2111f6efb193b9eae8eaa78dc88744d6cfc102679c2280094005ec25d18e04779171410d4c2300217be1dface9ae0eba012670928b71b9d797b0a5f6c7833
- SSDEEP
  
  196608:P6ggVEvwfI9jUC2gYBYv3vbWEQd+iITx1U6nr:rgVEkIH2gYBgDWRMTnzr
Score

10^/10

discovery evasion execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

3

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2