blankgrabber | a5b9c17cf4dd9a6760ccfe66380956c0dce820667e04621ac818c94c42af7888 | Triage

Submit
Reports

Overview

overview

Static

static

PayPal Multi-tool.exe

windows11-21h2-x64

8

��b...��.pyc

windows11-21h2-x64

Sharing

General

Target

PayPal Multi-tool.exe
Size

7.4MB
Sample

241011-v27p3syhnk
MD5

296ddcee049ee196f9e571f409ef43e8
SHA1

2d3da315df8275bf6a74f05f3f7d1f9b49393693
SHA256

a5b9c17cf4dd9a6760ccfe66380956c0dce820667e04621ac818c94c42af7888
SHA512

de018b5ca8178a51146b54916294eaed0d02a608864b2f894f778df6f5814dc5901f5da70e044cc7ad691192826230509a0ed677dab375c1065f8381c67c8e7c
SSDEEP

196608:sH0cDe+Ljv+bhqNVoBKUh8mz4Iv9Pfu1D7z:9ieCL+9qz8/b4INuRz

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

PayPal Multi-tool.exe

Resource

win11-20241007-en

discovery execution upx

windows11-21h2-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

��b��.pyc

Resource

win11-20241007-en

windows11-21h2-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  PayPal Multi-tool.exe
- Size
  
  7.4MB
- MD5
  
  296ddcee049ee196f9e571f409ef43e8
- SHA1
  
  2d3da315df8275bf6a74f05f3f7d1f9b49393693
- SHA256
  
  a5b9c17cf4dd9a6760ccfe66380956c0dce820667e04621ac818c94c42af7888
- SHA512
  
  de018b5ca8178a51146b54916294eaed0d02a608864b2f894f778df6f5814dc5901f5da70e044cc7ad691192826230509a0ed677dab375c1065f8381c67c8e7c
- SSDEEP
  
  196608:sH0cDe+Ljv+bhqNVoBKUh8mz4Iv9Pfu1D7z:9ieCL+9qz8/b4INuRz
Score

8^/10

discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ��b��.pyc
- Size
  
  1KB
- MD5
  
  52fc4cf2f5a87b68967f43b70f42d897
- SHA1
  
  25eb8def46438f3d8650aa2d63912608de447bca
- SHA256
  
  3a0746c9ce0ddf076cebcbd6f075f260e9dac6707ce06188fc9ddece5b13968c
- SHA512
  
  7f0a569ee610f33459aa236588d6acbea735e5b50a4e5f2d79d560bbf1774801451739af2a56c7e1ca7eea8221d346e888ff6b9eccaeef7e0c70b322edf1d00c
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionupx

behavioral2

© 2018-2025

Terms | Privacy