blankgrabber | 49df7d02c1181f22d4141dc27cb02e13ef427c1bbc4b6b1d5df061ab704e40c9 | Triage

Submit
Reports

Overview

overview

Static

static

krambus.exe

windows7-x64

7

krambus.exe

windows10-2004-x64

8

Resubmissions

16-10-2024 07:59

241016-jvdymszgqc 10

16-10-2024 07:57

241016-jtrhcazgnc 10

Sharing

General

Target

krambus_injector.rar
Size

6.8MB
Sample

241016-jtrhcazgnc
MD5

f649d3caf11e83d419be388d5a2699ff
SHA1

bdcade6d3730907200cc6a10128414aa4bfd7563
SHA256

49df7d02c1181f22d4141dc27cb02e13ef427c1bbc4b6b1d5df061ab704e40c9
SHA512

a2203acfd00118b22a8926094052a85ffa7ed42713bec4aa3717e46efd69f60c64a40a7153e3a67cc4bdc80e61cef53388cbf17be6df905f81bfd059c0e9a31c
SSDEEP

196608:vBP5699TGuvbB6iLbrnXkHzKmT0aVDB/gfLtIr:ZP563Z/UHJT0a3gfLtk

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

krambus.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

krambus.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  krambus.exe
- Size
  
  6.9MB
- MD5
  
  50afda704ab69b60ea2d25c84f779c3f
- SHA1
  
  c77c325c2cbf4053633ccfcd06a9d3dd2cbb1c38
- SHA256
  
  fc913469c47ff2fa16df4814d9bd7e9bda7fcd2fd9fe1cc130738681df381f3a
- SHA512
  
  27c75d06c7c2d1673b0faf85deb21c0bcd6d1ec3331d3ff558f4c1ac49d9714b9363cb5220ccdd065972db239dfa4d34c7ff5be0c6fa2bf39a7689db61f52495
- SSDEEP
  
  98304:agDjWM8JEE1rgBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeR8YKJJcGhEIFd:ag0/eNTfm/pf+xk4dWR8trbWOjgs+6
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

© 2018-2025

Terms | Privacy