blankgrabber | 3360f0ceb4fa0e36f3767a4aee69ecfe0098198b655a0993f9119698f45ab267 | Triage

Submit
Reports

Overview

overview

Static

static

Xicors Gen...up.exe

windows7-x64

7

Xicors Gen...up.exe

windows10-2004-x64

8

Xicors Gen...V2.exe

windows7-x64

7

Xicors Gen...V2.exe

windows10-2004-x64

8

Sharing

General

Target

XicorsGen1.rar
Size

14.5MB
Sample

241007-pg4vssvdqr
MD5

2620f203a75349b6924cf1e96a63f6a2
SHA1

cef364175e57f23e10d6bfa79912a4eb0749dc79
SHA256

3360f0ceb4fa0e36f3767a4aee69ecfe0098198b655a0993f9119698f45ab267
SHA512

00e557ea0baa40b5497d23ca072d69575a5faa872ecf3497d35e07b9e89a96c5fba923e97588e4d61381a02203aef88c5b9ed53a584e617f9f6433f1262ed821
SSDEEP

393216:gJJ7UvRJQak2oJd5grZjvKvUjW3BRqymxtH:F1oLCrZ6UjW3+y2tH

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Xicors Gen/Gen! (USE THIS)/Gen Setup.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Xicors Gen/Gen! (USE THIS)/Gen Setup.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

Xicors Gen/Gen! (USE THIS)/Gen setup V2.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

Xicors Gen/Gen! (USE THIS)/Gen setup V2.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Xicors Gen/Gen! (USE THIS)/Gen Setup.exe
- Size
  
  7.4MB
- MD5
  
  d1485c468be8a91baf7dc60d7525cf32
- SHA1
  
  70f3179a1b41b2baf69c3c4b635eef01da48410d
- SHA256
  
  2f1f2dbc47caf96cdba43cd95aa046f6010a7d8cd76e677020d300ff2cc80a7f
- SHA512
  
  84c7e4ad42090be655e5ad1844d935be4bc3f70f1b6c2afa04d701cb80089c2b5e24cdad3dd651b44000ef835512c918a23b4dab6386266b780ca2774ddb7eb8
- SSDEEP
  
  196608:SH0cDebFLjv+bhqNVoBKUh8mz4Iv9Pfu1D76:1ieb9L+9qz8/b4INuR6
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Xicors Gen/Gen! (USE THIS)/Gen setup V2.exe
- Size
  
  7.4MB
- MD5
  
  4ef76bb7229ac9e11a287a111956aeab
- SHA1
  
  fbbe2e73a38333f7121e7af93419df8f8455d292
- SHA256
  
  2842b1f2cf53ea2fef57e93a7c83c7381db33a0e97c13b417b311eabcb0f3551
- SHA512
  
  b2f1511fd4e2a7e8b4dc23c86d82a24db4ffa7fc7885032027c29802a36211d127f34b858a7cb1f2435b56189bebf0b90e6daed004e3469888eeacc1aa78bbf6
- SSDEEP
  
  196608:0o0cDeHMKLjv+bhqNVoBKUh8mz4Iv9Pfu1D7s:EieHM+L+9qz8/b4INuRs
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

behavioral3

behavioral4

discoveryexecutionupx

© 2018-2025

Terms | Privacy