blankgrabber | e9886d323842ce9b10d8bcf64862b3c1149dd07d5cab6ce247ada61aa659f134

Sharing

General

Target

log sender.rar
Size

34.3MB
Sample

241013-2wc2vawfnm
MD5

e16aa72ce57590a01716f03770f25191
SHA1

a8d5ab7684dad592df92dd2efe389e3f7a7ac698
SHA256

e9886d323842ce9b10d8bcf64862b3c1149dd07d5cab6ce247ada61aa659f134
SHA512

27bcd55e3ca3a1a9e7055c2b5f3adfaf247897c7129145b7a53eb2f7f492d23e04300c07dc48d494c6eab1533b13ab56d2bcb98288374e6d689c9ba4886e0538
SSDEEP

786432:FPelV54Q3iW17PPLLQjPVyUaBPz94FrAodT5XDBzDmco5eq18u/BO:+9AjN5QPArAonDRDiDpO

Score

10^/10

Malware Config

Targets

- Target
  
  log sender/DotNetZip.dll
- Size
  
  462KB
- MD5
  
  79c304e621ffbb4611b698dc2fb9dc41
- SHA1
  
  30413ad0c9e2f955ec43ed9dceb156edb11c419c
- SHA256
  
  46103e4d053be472f1c85223a43e179a5f022df14607febf6f48837473bd3e9d
- SHA512
  
  fef8764cb5f15444ef8dc6877bfd45133af019a87158c701a95c87f3297e32e27607daddbf4aa365133d60fc3f449acfa4f5c003ffd478c59d7940154d9ab5a9
- SSDEEP
  
  6144:iF4lenKdxBoW6iev7zBIL09vdGtSV41kJDsTDDpBnse6OVxLV/xgaqYN3fmxalo:iF4lqKdxBdheDES4csRBse6sfzVca
Score

1^/10
behavioral1
- Target
  
  log sender/Entropy.dll
- Size
  
  104KB
- MD5
  
  d45282966db7731687135c76963634a1
- SHA1
  
  8f217e0b15846a45f7e6e528e5f99ef425efe4e3
- SHA256
  
  68310ea51caca38b53b4ae3d5eb7a24127da4b1021c36963e77a0dacf4aeff73
- SHA512
  
  98f1035130a3126fd1613f1ab23c5328a763d56dd2b211d12ab2a17529a3ed1c2542a8f00cfa3ca7224e1d7d9e2dff378dd90a8adcd72f1566175308c038d943
- SSDEEP
  
  1536:GaQAfp1LJb4vLl8JWOKweLZjdtey2+0A1afQ9EUWtgCNC40fa:Gifp1LJcjl8JWOKweRdEykAWtgCGa
Score

1^/10
behavioral2
- Target
  
  log sender/HandyControl.dll
- Size
  
  1.7MB
- MD5
  
  f68e64637ac34443ab8fb83bbeab2bf7
- SHA1
  
  82e5a63b21f02ff3ac651a203523fb473a1aead5
- SHA256
  
  471a6ce1aff5b635df599f21cf3e4894d9e893ec9d42d733f9f5c3672bdb8383
- SHA512
  
  e41119634301244331eae3ed13b3a739e68b2a45a1f8c08949d37bce7d189687568cc19c382749ab906ef536305bd1f14d4462e2d27667af256fb047d1eb4eb0
- SSDEEP
  
  24576:qwr+FdUo+3uuobzeXEF7qpILuLUiOBqiIiGiXiIi6ioIP7cTq2b6s8uUpWGGv+dN:q1+3ubbzapdMvw0GcZ
Score

1^/10
behavioral3
- Target
  
  log sender/IpMatcher.dll
- Size
  
  12KB
- MD5
  
  66b5ee1af1d75592612e24bb1bf10072
- SHA1
  
  6a104e3338f1534a1233872574bf4e00535154d1
- SHA256
  
  318d50f35b83ec3a2f0fc339d4155c47d2d9ddf3444047934bbcdccef8167e39
- SHA512
  
  213af0bedef1c1e66169cce7509298b872f09e56972781ab3db6d2884c63200ea35d6e815b28d8fa97d92a385df3a9af80bc5b0c03d416e0551a327a199fb403
- SSDEEP
  
  192:2gZAuCfvti3mt3LjCm31CLiQST1YuDIl4TWQelDoFujH8Z:lvCfvti3mxLjCm31CLiQST1YuDIVTlDQ
Score

1^/10
behavioral4
- Target
  
  log sender/License.dll
- Size
  
  16B
- MD5
  
  26a0d549d0987279798cb6421d2ddfa2
- SHA1
  
  ad6c266dee68a51547f0baf7ac57f52d56cbffb1
- SHA256
  
  a329ce0d40e38a0126731c4f47d638995808b2afed73ec3e430909b213b232ed
- SHA512
  
  a55d1bc5537e856e0b16efe2b3b38a26cf5e020d008620c74239b7c0247bd8ba9b470e8c36fb081357c7c6f11f28640cdfa5ee3e269b47fbfc247a2f1e587178
Score

1^/10
behavioral5
- Target
  
  log sender/MailBee.NET.dll
- Size
  
  1.7MB
- MD5
  
  0b309ea2d92164c41937efc3c4a75cb3
- SHA1
  
  9ed899ea9f15c69d21b81f57d74d9d07c4d8cd0f
- SHA256
  
  7428e138a0b2a9e87f8c47076074d29e8d9ba18e07784db6d568ec15cde88bbe
- SHA512
  
  4695fc4e240e1a3ec8ec14f984c3c0191e4c265ea9b7bb44529bf54fd4365d2d09cf5110138c66896ab71512c7b7a36da0eb63202047e705375a4ea1467eb6ae
- SSDEEP
  
  24576:dDMgcE4ilhMM9XBav0OvQRka9P7mijqMaP7P:dDMgcWfMM9XBQ0Ov0mi217
Score

1^/10
behavioral6
- Target
  
  log sender/Microsoft.Bcl.AsyncInterfaces.dll
- Size
  
  16KB
- MD5
  
  1e79035fda3aa29bf70f9df1023ce3ca
- SHA1
  
  847ab97b81dd1c83ae196307b52d8ae983ec5b8f
- SHA256
  
  fc3827cfb6834f0ffa6cb76278f309a3b598ae01c751f13fbeb57886e4168943
- SHA512
  
  338550a154ce6f876e101c5d66cd78a04126ab9236c3fd1ebc124ee9db1b72f8a16f1ed6f857fb773581326ac5fc808939b7d3c9fd529123137b48ef4bf9b768
- SSDEEP
  
  384:DOJWqnwnBbNA1kq40VES2j0cX6dAl+NW2VzrdcmDqxRWeq/Ws:DulwnBhYlTVv2wK5idcgF
Score

1^/10
behavioral7
- Target
  
  log sender/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  69c1a967b27ef8657e8c6665de47527b
- SHA1
  
  34bb58f3d27335bd055d297bc52ce2146698d711
- SHA256
  
  3be4fda7b6bd04e9aeaabf973ccc952afb5c0a6aa0fa672831ca82df218df84a
- SHA512
  
  1ee211079618d3b019e0b89d984fc8fef5ad359c312104eee46ce5ddac74271f70fe0d61967e7fc325d7e0181760ca265dc547300237c32f2e35ecc14d3b7f58
- SSDEEP
  
  12288:CLnRIXzZu/3yNFCU8xF6xc8yNRaVjI3QMDajj1HiiiR8MJhBB0ihT1fWNUwHOvWG:inR0Q/3yN4U0Wt6MBCjCu
Score

1^/10
behavioral8
- Target
  
  log sender/PresentationFramework-SystemData.dll
- Size
  
  8KB
- MD5
  
  dca6f1b8644df5d0890a7dbc6411e86c
- SHA1
  
  27066bf658df2d398aad6003ae8496dcf015a4d5
- SHA256
  
  48883bd04158c2456ea1be831b559b594fb86199c0d9618e7c3fde45a986ab26
- SHA512
  
  046020ad671d37935eb674988186eb6a8a28b093887f572a4604781be3f8fc6d9df96a00580f352789bdb7ea0f8ebaf6ee3cf13c6be5118bd1df290a3487742a
- SSDEEP
  
  192:cmBvnnwQh8N/UH6AKwBz1o5fDzupoiuhuWHsWYSW:cmVnn98N/Y6m3o5PPiu0WHsWYSW
Score

3^/10

discovery
behavioral9
- Target
  
  log sender/PresentationFramework-SystemXml.dll
- Size
  
  8KB
- MD5
  
  160928813e7cafd92bd765bdce4c18db
- SHA1
  
  85b11c0d7469a9fc8d2c297e35665b41ee73c754
- SHA256
  
  872673e0e79265978bddeb5b5c410417d553920bd373a9976a33fa1549f4b563
- SHA512
  
  6de533acef8efd4f15a0a2155279a0143f6c86d91c39a41d7683195a868e48bd1850f750d6d6c635ad33df48da5a8bd152aa5fac29534de9b22f6340cd836380
- SSDEEP
  
  192:Yy/Rs7qoQh3vcXP+dKsY1tsbCyo+hCkPd2JCWfDW:Yo4TG3k/+StfyoMCkPd20WfDW
Score

3^/10

discovery
behavioral10
- Target
  
  log sender/RegexMatcher.dll
- Size
  
  198KB
- MD5
  
  44e7acfa4b123af014f21ce4286018da
- SHA1
  
  716ac3de5015c3b5e60332e7062278a072ab743c
- SHA256
  
  9787a9a2cd79ba6fff3398e5cdc883c5ac1817c088d73fc7933f414b5d914830
- SHA512
  
  3ba06f536257131092fd5c6e3125a5b2e2ede2147564fac9eee8af71d05e57b91ad6a328938516d544f02161a62cdb2442c4bf36c1ca4ae1f264f769e6341ba8
- SSDEEP
  
  3072:L0Mw8b4aPAYD4XJfuLN8WSdEJ15Kxa8pMvr0/f72QPY4wOd7hGHqVMvskjOVcML3:HiVfSCD
Score

1^/10
behavioral11
- Target
  
  log sender/SharpCompress.dll
- Size
  
  558KB
- MD5
  
  a582e2f7ccb5875c188716b5e5bc84f2
- SHA1
  
  0f1bf79fc02262614038205bd20709dca2ceda62
- SHA256
  
  f7cf666f0bf661f63ae3a5e531516fd68ac9353471faa78443f21bfd0a5f2f4b
- SHA512
  
  76d036be7840b2e8382753a4dd745aadcb6575e8276e335a2cad9fd46793bdba786d1b32c5e08e43192ed86bb319d6706ca9ae8e061a9fdd96987fe93b0384fc
- SSDEEP
  
  6144:ZcdsAgdCvxAlzRRs3+nZgA31sKLQ6RGk6SOZ3YuK/FhLDrthTjVjTap23T7nAEzq:e1xw1sKLPRHFhdCgT7Li3Mc2Cb
Score

1^/10
behavioral12
- Target
  
  log sender/System.Buffers.dll
- Size
  
  11KB
- MD5
  
  0bfef61b203054f6fbf08419ffe3f018
- SHA1
  
  ed9d0418507630996eb2c473ec5daf11d185c2c6
- SHA256
  
  d838c40848daf87743e96d42f8db18bb66a0b27cff5a48926a85a61c2d3e05b9
- SHA512
  
  4e848c56e79a7df025bf2fe2879dcff5718e0f81d804e82c658fa319233a0431ec60955ce3fc3ed4dffb9a823ba770dc6383e88c97316cbf263c7ea8f55dd051
- SSDEEP
  
  192:CpsZpZD2wrM771vOC9yXOfcgSQfAxRyMzwWvYWJea:/rMdp9yXOfPfAxR5zwWvYW8a
Score

1^/10
behavioral13
- Target
  
  log sender/System.Data.SQLite.dll
- Size
  
  392KB
- MD5
  
  147328def2e79a86d7335a661eecc051
- SHA1
  
  98ff30131d77cf28807d50b97cc92cc8655e235c
- SHA256
  
  7442d48a24c1747cb17d80e95c4d7343de16e14a252484ace3be3fae55b1d641
- SHA512
  
  d26f6627f09cab90ae545df68f2df006f0beb988cfadb16f6af56a454e854a9b9c10d2ce787052b80536f9d05b7286d57e42f361f54944e20df99b3c1c49aefb
- SSDEEP
  
  12288:Omfjeeb63oRXFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5c6:Owu3oRrP
Score

1^/10
behavioral14
- Target
  
  log sender/System.Memory.dll
- Size
  
  129KB
- MD5
  
  1d3dd9fcc077e6b4f88c05b9aef53ee6
- SHA1
  
  12b33858bc84f54b8aa8dbcb5a0ec2da043a6f66
- SHA256
  
  d5235265564f0bfd23b7279d7bdccc9ea6383ed07c5d0bfdf6c99029af9a2c0c
- SHA512
  
  81ee9aaa809219c6989b648af1cd6f91d229823505ace58314bbf552a985ddbef7d8fba8703948727d92da94070834b5879ae47451fa98982cde16b36c771c69
- SSDEEP
  
  3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rc:OB8l3/aK32
Score

1^/10
behavioral15
- Target
  
  log sender/System.Numerics.Vectors.dll
- Size
  
  97KB
- MD5
  
  4b874a3043d5e3c133f4c35863159638
- SHA1
  
  3a7d21700497d81c41193544b7ea913032d0aa82
- SHA256
  
  1e02248fc226f1813f9a473aaf8dc9bd264101a6e371ddb73e145c0949834d47
- SHA512
  
  79610311e52194896b36b0b13abd051b537479a63f8364556058528c926bad76ed63bdda84a80eb7e1edc657e250f29199b360ef438e323abc234d3e7c85808b
- SSDEEP
  
  1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/:nWw0SUUKBM8aOUiiGw7qa9tK/
Score

1^/10
behavioral16
- Target
  
  log sender/System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  8KB
- MD5
  
  345387015bbbdf8d45187868d6ddb6bb
- SHA1
  
  d41dd3e44f4af8c99d5fcb9570ff207f7ccaa296
- SHA256
  
  cc927d8e2ad4718ab95cd000ceb6ff66a5e946e912a1b45f4a5047a920ea7abb
- SHA512
  
  33079f1222ee43685ea5fac9e5ed3978bdb1d1ebc6c56503b4d03d1e8a5945ba1ae82e93068c992af3d2f786655fdf414d71f5b664462bd5d6189653244cade7
- SSDEEP
  
  96:VfadsTzLgxRjkbFqBdkXyIpErWrBUn4E2cMbCuAurxvVEDJD9+WB2W:JmRIbUEXysErWdrbb3Vrx9NWB2W
Score

1^/10
behavioral17
- Target
  
  log sender/System.Text.Encodings.Web.dll
- Size
  
  67KB
- MD5
  
  b16e56d9f5ea045deb182d32b0e358e3
- SHA1
  
  f779333562fcfcc5abe9ee0011eeefbf686ccee6
- SHA256
  
  5d5f04d09f776e5f58399cdd700baa9410ed5605964f67ac2a77835155e3aadd
- SHA512
  
  3c5f2676fbab44c21f73d4baf478cf5ffc8694833766e070a4886a2e2925ef4d75f818d4897b99d53fd8f35d81b0addc6a2450cf61c536830658d2e6aefadde7
- SSDEEP
  
  1536:4OO7OOOc2yIDmBkKQh3rt7jUGyRG/mz4CRLf8ocVW4t72:fyMmXQh3rNjUFG/mk8f8owW4s
Score

1^/10
behavioral18
- Target
  
  log sender/System.Text.Json.dll
- Size
  
  558KB
- MD5
  
  974dcc116cce9ef07630a4643113319c
- SHA1
  
  6560284a2b5cf2c152c7fe9db217d4ea28b1d354
- SHA256
  
  6d03d62c3e5b2c26a2ab38277f6b3e1e4760beaa890760a7d8ea6562850d88ec
- SHA512
  
  caf2a16d695aa57d772a6f0e75838ea8c1135ce4e1eb049bd3dc9e1d685b8ebf9e3ddf1b9b443e31432578ca2d73ec68b5d7e6ada7040f8dd955220b3457847a
- SSDEEP
  
  12288:Wo+rY8ZyAVNXL1VPGSEhOiUHsHEg2A9fc:WhxXXrPGSR52
Score

1^/10
behavioral19
- Target
  
  log sender/System.Threading.Tasks.Extensions.dll
- Size
  
  16KB
- MD5
  
  0b3ea0befa836ec2d35c6bd59c134971
- SHA1
  
  5636bc9dcb8b770e57847008dbfda378c0860f69
- SHA256
  
  1764c46b9b21021eb38ba5eeeedcc41dcebb727fe986bf235a931818b2d4c945
- SHA512
  
  d64fc25354afb260ccf588a6ef1ce05d8750389f84ba8695425e7a731ce3f931460c923adcf7a0f47a092f0ebee49ac68de53fca1deab4f5b7a55922a52c7963
- SSDEEP
  
  384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8a:1RZ4nNxnYTb6Blh
Score

1^/10
behavioral20
- Target
  
  log sender/System.ValueTuple.dll
- Size
  
  4KB
- MD5
  
  fcbf06301c751b02044ea45025725a0b
- SHA1
  
  a31d1ed311867f14b9c0ab2151725c8602e948f0
- SHA256
  
  acbdaca29427fcae3a478aef71df7324db1e67c97070307da7eb4ce8e3a46552
- SHA512
  
  3ddf539698372593977da67bb604645f3ac885c8951d196537d0f40e31fe8da20909d4eace345fa331d22c3900071cab71ed82071721aa37351150e6b19d62af
- SSDEEP
  
  48:6mbhlsiaKa8UySPsr1MfvzD9HDxh5JYstZWih3tRE6URB5WA+t:DhlatyYsBaD9HDxh5BWWE6WfW
Score

3^/10

discovery
behavioral21
- Target
  
  log sender/System.Windows.Controls.Ribbon.dll
- Size
  
  717KB
- MD5
  
  cc525c252df576029f7e57314e6adc70
- SHA1
  
  494a86031ab56bcd902aaafdce2da075d576e98f
- SHA256
  
  5247998b746043a4a1ab78f198246c2db06ecd0fd5705f2ea95d7eee8fe3a9a0
- SHA512
  
  c2540b2c154be72984c9587a3a9fbac8d372042bcf17e2034fe7b04681c9afe21f0466a73c2fa252bb88e6aa9169c5d95c67c18ada6ad0d907ff95a18eb0d391
- SSDEEP
  
  12288:E4Hw9HSNAqMDcnexymWQxOXlzEOIF6HX6:E2S4nexymWgOXlzEOIF6HX6
Score

3^/10

discovery
behavioral22
- Target
  
  log sender/Timestamps.dll
- Size
  
  10KB
- MD5
  
  4b2471aadcec7bd1eab2601df5481054
- SHA1
  
  23dd4074bdd1eef28fbe67a3457439d5fde10635
- SHA256
  
  6e4e2d5b112b63a313106201916e72d4e3676166c356a7b4ea3d8b7a5d2d8791
- SHA512
  
  55629b5a2834a84bfff65bbf37d07b4d191f8a54ff74b7ff3b22ce5dc9384e58b30b09227975c6152175f4ce7eddc13123471295b13601d7d5f845b5a40101d8
- SSDEEP
  
  96:5Prxf+B/5+wbGMt6xwHuWTlX1ksDffNBylv9dNSPGE:51IaM2wHXFksD3NBwlSGE
Score

1^/10
behavioral23
- Target
  
  log sender/UrlMatcher.dll
- Size
  
  6KB
- MD5
  
  e6465bb6e46b268cc3f9ac5f48a0b7d3
- SHA1
  
  cb00f544b9807c1726afb3a204d93d111f574d05
- SHA256
  
  6e1849045417ef7cdee166f1ea716a0e6f3b53325ce663c3717ce2956d0cf01b
- SHA512
  
  d3279069927de28d801b805a9654051e3842f1d38080c6bdb0b50fed8cef922185077027b84f60e572e5afe33870015d8c76e51b85b955ea074deb43df375a42
- SSDEEP
  
  96:gN2NLWYEZJ5x9B9xUwaYUvZLcJ9Dse1Hgh4D7iEvoE:FyYwx95UwaPZozDse1Ah7UoE
Score

1^/10
behavioral24
- Target
  
  log sender/WatsonWebserver.dll
- Size
  
  117KB
- MD5
  
  1468c3a734158dbcec248bd5a81d47a5
- SHA1
  
  980f68614034d35b62c5b7b93ad70e78e6e9c285
- SHA256
  
  088df5ea7ba309e83984a539126994167394047a334cefcf5ffcc3cc30086272
- SHA512
  
  810fd2facc4a5ffb17c4834ea43893417e3f1f08aff841147a6ab86ab342c259a17cc6cf2f7574fdf5fec00bfef1d5ba05c95deb7ab6f39e89c39b4aeb086ee0
- SSDEEP
  
  3072:tnHMizMvhD1RwdNRa5dyC5C7Z/2VQvxe81ulYyMro64Dh2i:tnqJwNRLFvAWyJ662
Score

1^/10
behavioral25
- Target
  
  log sender/logs bot.exe
- Size
  
  894KB
- MD5
  
  ac2c05fb13ae53e3d6d38ef3a8815b0d
- SHA1
  
  baaf57949abcad93a9247a55746fa517e495f048
- SHA256
  
  efed9ff5c81d6d2a63f057e9fc5ee2d15b85a2c51df4a92c17d87cc8b529a2c3
- SHA512
  
  5d55fb685ce2bf5d3769a8c8cf48efdd961a4c8609cdeadea1a3062bb5dfddd0e97da414290daea2798733b8815dcd33786a27c300cc7aa578c6ba3b746b05ed
- SSDEEP
  
  12288:sMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Q2BVko8kufuAj:snsJ39LyjbJkQFMhmC+6GD9TBVkNt
Score

10^/10

redline discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral26
- Target
  
  log sender/x64/GoSrp.dll
- Size
  
  2.6MB
- MD5
  
  8f5f6ee061242d609bd05b48479d887a
- SHA1
  
  0005089c13ba90f2d150a6e117bf463a6e28af54
- SHA256
  
  6b7778f1c17b1a2d48970bdec81f1f1436066c662222ffa8200dee7c3fe610c2
- SHA512
  
  f4eda39b2bf9fe358cabb31e5f839e12704598505c16d6dd26550a5d1fa05775d34bc0ce6f631f4e3db95072630b60968cbe59d146055f87d197c9153dcdb1aa
- SSDEEP
  
  49152:IW/gxY8qgo2P+vrBQiDSLDBK31Al++gMrL+:cxYJgo2o5k/gEL+
Score

1^/10
behavioral27
- Target
  
  log sender/x64/SQLite.Interop.dll
- Size
  
  1.7MB
- MD5
  
  1288823e8e1fca09bb490ce46988188d
- SHA1
  
  b07fe4a5d032296e3a7d0727216af8c1d2166e91
- SHA256
  
  6514973856d1767ccb375dcb253400e710fb4f91feb758041d8defe92b1886c5
- SHA512
  
  88967f64116951092a54118055eab462082f16676ea7565f42515e88765813b53cdfbba5181318e73b668e04ddd030a0bfcf5cf47936772f68df85488b865acd
- SSDEEP
  
  24576:xcpbyKNk5l/+ddQOJ3e4vYb0XrdhCplVv1GXOO4PmhFGYHnRELAqqU:SpbB0l/+d1c0RIJvGZ2anYqU
Score

1^/10
behavioral28
- Target
  
  log sender/x64/expections.exe
- Size
  
  6.9MB
- MD5
  
  67bd9f22aa4be183ada57401c1c42508
- SHA1
  
  8310672c3b2990cc29d3b7aff0bf22dbb2183c48
- SHA256
  
  4ca9efa082fda6d25b7c24ea3cd84cafb91986a3130e3d4de2348edaabf7e430
- SHA512
  
  66cbe7119b7dcc75fcf24e0890fbee7aef34a0137dca45672ca6032b81a55f112b4980d7d9a83884092a394cc373da979167efac4342b790427084f2d7bd2ddc
- SSDEEP
  
  98304:PbDjWM8JEE1r6bamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFc:Pb0heNTfm/pf+xk4dWRGtrbWOjgWyF
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral29
- Target
  
  log sender/x64/runtime.exe
- Size
  
  16.8MB
- MD5
  
  f3068af2a33ef21d9d3c2369653d243e
- SHA1
  
  f1a3aec4928e125897746bdc4941f038c5e8de03
- SHA256
  
  e4cb30bd56b303d174e5416fc8b884ce722019afd0654933379cd09b0f1967b7
- SHA512
  
  9f659b99b1b07c8d34e158e4725030ef40034d35a45965f149206edd0937b6eb1899a7117606db85bb879950d2386abc3f7a909856a6d1683dea486e03e142d7
- SSDEEP
  
  393216:mEkZQtstQdqldQJluIF3MnG3oTl5hFBHeZW2pRZ5YHTy:mhQtstqudQt3MGY35gZyz
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral30
- Target
  
  log sender/x86/GoSrp.dll
- Size
  
  2.3MB
- MD5
  
  b1e99d702b0324e19b8cdc5aa8c9cd2e
- SHA1
  
  1473b708f7c516dc31612c74cb773396f3f7ca93
- SHA256
  
  e2a69763eb347b86c5426a5028650388be585df43cbf03beb576acd095038296
- SHA512
  
  3afec80909a88ffa8a760c6b156e998504f148455bf514512bc8812e390c59835e9a8cce57b041154c894915e47c40750eab66d84c4d7eb1f0257cf177481442
- SSDEEP
  
  24576:Z3rEK7jLQfvtqvZ8UaqvFbK8qUhk8GJXiV6doA+4MHPEBm3KXUQwFAR8YtVrm7C8:ZQdkK8qU6BWStV+Cz8MVZ69rF1Mr3iHr
Score

3^/10

discovery
behavioral31
- Target
  
  log sender/x86/SQLite.Interop.dll
- Size
  
  1.3MB
- MD5
  
  9b68a8d0393fbce1976c19107422f097
- SHA1
  
  b645fc9aff04f1de9d31d4c4b965ae0a1e3549d0
- SHA256
  
  f16dea838efc5b074f8d8b2f8e14ab77ec744648b1d5dd550456c2f99c12bbdc
- SHA512
  
  7989b760012fcab665591c2528d8ecaead09cd9cd74a7208ef6177b36581d381574d007a31bb4c55da7bc793000bf71be546b1caec59c380ab8962ea2b719933
- SSDEEP
  
  24576:Od/jGQ1cL7Y5POF9y4Fsiem2gUJ4TmrQD06dr13TkhGb2/FJC//3bpdR:OjGQ1QKy6rQDFdrRIJ6//3bpdR
Score

3^/10

discovery
behavioral32