blankgrabber | 3179e176a06c90654c5b09926827b60c79f9c8d951bb64c982ad531571287434 | Triage

Submit
Reports

Overview

overview

Static

static

BlakTool.exe

windows7-x64

7

BlakTool.exe

windows10-2004-x64

8

��U]�o.pyc

windows7-x64

��U]�o.pyc

windows10-2004-x64

Sharing

General

Target

BlakTool.exe
Size

24.8MB
Sample

241012-xcv14avgmd
MD5

a053448552bfad71ae030068b669ce67
SHA1

260da910d644ca868ea9be489e243c0f7edd6544
SHA256

3179e176a06c90654c5b09926827b60c79f9c8d951bb64c982ad531571287434
SHA512

8877b1f5fa0049e776b0b25f4123523ba29667ed54ab6dc56f0580817a3e71e5761677524ed89589c1ee2a90b3596c79ee9c9dc31b4e559c7d7a490f6875f00b
SSDEEP

393216:nlkVni+kqfp1uhf48a1kq9tse4Yw+LTR2wfhtm1FurEUWjC3zDbd4AC:nlkVqmp1Whaa4Gd+Ll2wpI3dbCh4AC

Score

10^/10

blankgrabber collection defense_evasion discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

BlakTool.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

BlakTool.exe

Resource

win10v2004-20241007-en

collection defense_evasion discovery execution upx

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

��U]�o.pyc

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

��U]�o.pyc

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  BlakTool.exe
- Size
  
  24.8MB
- MD5
  
  a053448552bfad71ae030068b669ce67
- SHA1
  
  260da910d644ca868ea9be489e243c0f7edd6544
- SHA256
  
  3179e176a06c90654c5b09926827b60c79f9c8d951bb64c982ad531571287434
- SHA512
  
  8877b1f5fa0049e776b0b25f4123523ba29667ed54ab6dc56f0580817a3e71e5761677524ed89589c1ee2a90b3596c79ee9c9dc31b4e559c7d7a490f6875f00b
- SSDEEP
  
  393216:nlkVni+kqfp1uhf48a1kq9tse4Yw+LTR2wfhtm1FurEUWjC3zDbd4AC:nlkVqmp1Whaa4Gd+Ll2wpI3dbCh4AC
Score

8^/10

upx collection defense_evasion discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  ��U]�o.pyc
- Size
  
  1KB
- MD5
  
  e3351dc61acbf2dd6e4cf712f5b55279
- SHA1
  
  c50884339bbd32085d34a004f60e3f1bb95a2558
- SHA256
  
  7e6a677be5a894fb29b3fd5ebf2c68b2409c1d54e1f73b6bff0994f2a12b0647
- SHA512
  
  b0492711ca14b800a778a76b9ba2fa5eef6109b673bb40421cd8a7fc34786ed7747d58094ab5ed1211a2b494c781ec430cbbdb7cd47e90161d887c7fa0fa326b
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Clipboard Data

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectiondefense_evasiondiscoveryexecutionupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy