Malware Analysis Report

2024-11-13 18:12

Sample ID 241012-tg48saydme
Target New Text Document.txt
SHA256 9a0ac383db4f12ab8747bd9f357b4370b082c22d6bc23453c6f70af91749c54d
Tags
adware anti vm apt group upx packer backdoor access banking trojan bootkit malware botnet controller clipper malware data collection crypter antivm antivm apt upx backdoor banker bootkit botnet clipper collection discovery downloader dropper evasion exploit exploiter rat infostealer keylogger miner persistence spyware stealer collection credential_access defense_evasion execution privilege_escalaiton i1R0fMOG7Z 3M8u4DM6Fp edixev2G1s TDlc10hhDy RaUfUalMB8 SkCyCAogxr SkIsFTyHuy OtuQmgt6oO zA7w7G4l11 wwhTR7zQfj discord.gg/scamalerts doomrat shadowrat blankgrabber i1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9a0ac383db4f12ab8747bd9f357b4370b082c22d6bc23453c6f70af91749c54d

Threat Level: Known bad

The file New Text Document.txt was found to be: Known bad.

Note on the basis of this verdict: the only signature matches in this report are in the static1 analysis below, and every one of them records Description, Indicator, Process and Target as N/A. The behavioral1 run consisted of NOTEPAD.EXE opening the file (max time in kernel 0s) and recorded no signatures, no network activity and no file activity. Before acting on the "Known bad" classification, confirm that the SHA256 above matches the file in hand and look for an indicator-backed match rather than a signature name alone.

Malicious Activity Summary


DoomRat

I1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8 family

Detect blankgrabber

Discord.Gg/Scamalerts family

DoomRatV2

Doomrat family

Jebaitor

Shadowrat family

i1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8SkCyCAogxrSkIsFTyHuyOtuQmgt6oOzA7w7G4l11wwhTR7zQfj

6bXW8llvSi

AntiVM

Blankgrabber family

Made by spiggma

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-10-12 16:02

Signatures

6bXW8llvSi

adware anti vm apt group upx packer backdoor access banking trojan bootkit malware botnet controller clipper malware data collection crypter
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

AntiVM

antivm
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Blankgrabber family

blankgrabber

Detect blankgrabber

collection credential_access defense_evasion discovery execution persistence privilege_escalaiton spyware stealer upx
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Discord.Gg/Scamalerts family

discord.gg/scamalerts

DoomRat

adware anti vm apt group upx packer backdoor access banking trojan bootkit malware botnet controller clipper malware data collection crypter
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

DoomRatV2

adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Doomrat family

doomrat

I1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8 family

i1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8

Jebaitor

rat infostealer backdoor clipper collection discovery evasion keylogger miner persistence spyware stealer
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Shadowrat family

shadowrat

i1R0fMOG7Z3M8u4DM6Fpedixev2G1sTDlc10hhDyRaUfUalMB8SkCyCAogxrSkIsFTyHuyOtuQmgt6oOzA7w7G4l11wwhTR7zQfj

i1R0fMOG7Z 3M8u4DM6Fp edixev2G1s TDlc10hhDy RaUfUalMB8 SkCyCAogxr SkIsFTyHuy OtuQmgt6oO zA7w7G4l11 wwhTR7zQfj
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Made by spiggma

spiggma .gg/scamalerts
Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-12 16:02

Reported

2024-10-12 16:03

Platform

win10-20240404-en

Max time kernel

0s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"

Network

N/A

Files

N/A
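The static1 and behavioral1 sections above disagree in an important way: static1 lists signature names with every indicator cell set to N/A, while behavioral1 shows only the sandbox's own NOTEPAD.EXE launch and no signatures, network or file activity. The script below is an added example, not part of this report or of any sandbox vendor's tooling. It parses a report in the flattened layout used on this page and reports whether the verdict is backed by any observed evidence or rests on static signature names alone. The REPORT string is a constructed excerpt of fields shown on this page; the section names and the "Description Indicator Process Target" header are taken from the page, and the "signature-name-only" / "evidence-backed" labels are the example's own.

```python
"""Added example (not from the original report or any sandbox vendor): parse a
flattened sandbox report and say whether its verdict rests on observed behaviour
(behavioral signatures, network, files, processes beyond the launcher) or only on
static signature names whose Description/Indicator/Process/Target cells are N/A.
REPORT is a constructed excerpt of the fields shown on the page."""
import re

SUBSECTIONS = {"Detonation Overview", "Command Line", "Signatures",
               "Processes", "Network", "Files"}
TABLE_HEADER = "Description Indicator Process Target"

REPORT = r"""
SHA256 9a0ac383db4f12ab8747bd9f357b4370b082c22d6bc23453c6f70af91749c54d
Analysis: static1
Signatures
AntiVM
antivm
Description Indicator Process Target
N/A N/A N/A N/A
Jebaitor
rat infostealer backdoor clipper keylogger miner
Description Indicator Process Target
N/A N/A N/A N/A
Analysis: behavioral1
Command Line
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
Signatures
N/A
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
Network
N/A
Files
N/A
"""

def valid_sha256(digest):
    """A SHA-256 hex digest is exactly 64 hex characters; anything else is a copy error."""
    return re.fullmatch(r"[0-9a-f]{64}", digest.strip().lower()) is not None

def split_sections(text):
    """Map each 'Analysis: <name>' block to {subsection: [lines]}. Blank lines and
    runs of whitespace (a column-aligned table) are normalised away."""
    analyses, current, sub = {}, None, None
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        if line.startswith("Analysis: "):
            current = line.split(": ", 1)[1]
            analyses[current] = {}
            sub = None
        elif line in SUBSECTIONS and current is not None:
            sub = line
            analyses[current][sub] = []
        elif current is not None and sub is not None:
            analyses[current][sub].append(line)
    return analyses

def parse_signatures(lines):
    """A tabled entry is: name, tag line, TABLE_HEADER, one row of cells. It carries
    evidence only if some cell is not N/A. Name-plus-single-tag entries with no
    table (the 'family' lines on the page) are skipped."""
    sigs = []
    for i, line in enumerate(lines):
        if line != TABLE_HEADER or i < 2 or i + 1 >= len(lines):
            continue
        cells = lines[i + 1].split()
        sigs.append({"name": lines[i - 2],
                     "tags": sorted(set(lines[i - 1].split())),
                     "has_indicator": any(c != "N/A" for c in cells)})
    return sigs

def non_na(lines):
    return [line for line in lines if line != "N/A"]

def assess(text):
    """Summarise what the report observed and name the basis of its verdict."""
    secs = split_sections(text)
    static, beh = secs.get("static1", {}), secs.get("behavioral1", {})
    sigs = parse_signatures(static.get("Signatures", []))
    cmd = non_na(beh.get("Command Line", []))
    # The launched executable is the sandbox's own action, not something the sample did.
    launcher = ""
    if cmd:
        c = cmd[0]
        launcher = c[1:c.index('"', 1)] if c.startswith('"') else c.split()[0]
    procs = non_na(beh.get("Processes", []))
    sha = re.search(r"^SHA256\s+(\S+)", text, re.M)
    result = {
        "sha256_wellformed": bool(sha) and valid_sha256(sha.group(1)),
        "static_signatures": [s["name"] for s in sigs],
        "static_with_indicator": [s["name"] for s in sigs if s["has_indicator"]],
        "behavioral_signatures": non_na(beh.get("Signatures", [])),
        "network": non_na(beh.get("Network", [])),
        "files": non_na(beh.get("Files", [])),
        "extra_processes": [p for p in procs if not launcher or not p.startswith(launcher)],
    }
    evidence = any(result[k] for k in ("static_with_indicator", "behavioral_signatures",
                                       "network", "files", "extra_processes"))
    result["basis"] = "evidence-backed" if evidence else "signature-name-only"
    return result
```

Run against the excerpt, assess() returns an empty static_with_indicator list, empty behavioral lists, no processes beyond the NOTEPAD.EXE launcher, and basis "signature-name-only"; changing any N/A cell of a static signature to a real indicator flips the basis to "evidence-backed". The whitespace normalisation means the parser accepts both the single-space header on the original page and a column-aligned rendering of the same table.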