blankgrabber | 5ac09a5c05205dc089af711c8de939512a20e0683f611730d3d410b235293f3f

General

Target

FCFC CHEAT.exe
Size

7.4MB
Sample

241025-wxygaasglc
MD5

1f0d3df315270ca370c5a33958b31b2b
SHA1

55f86eb687bc8b398ab9342fe3d9fe636dfd633b
SHA256

5ac09a5c05205dc089af711c8de939512a20e0683f611730d3d410b235293f3f
SHA512

47e2b0b07855d8f26e9db3a9c61fb6bc06fa8603d6fd72d1cabb1c512e0b538c7fe1014a780ffe2c28c4c95aa0746d6e1dbdd0fc661b80245d89c5c3cbf866f7
SSDEEP

98304:7NSi8TR+PurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh112mJ3:78WurErvI9pWjgfPvzm6gsFEF4fv

Score

10^/10

Malware Config

Targets

- Target
  
  FCFC CHEAT.exe
- Size
  
  7.4MB
- MD5
  
  1f0d3df315270ca370c5a33958b31b2b
- SHA1
  
  55f86eb687bc8b398ab9342fe3d9fe636dfd633b
- SHA256
  
  5ac09a5c05205dc089af711c8de939512a20e0683f611730d3d410b235293f3f
- SHA512
  
  47e2b0b07855d8f26e9db3a9c61fb6bc06fa8603d6fd72d1cabb1c512e0b538c7fe1014a780ffe2c28c4c95aa0746d6e1dbdd0fc661b80245d89c5c3cbf866f7
- SSDEEP
  
  98304:7NSi8TR+PurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh112mJ3:78WurErvI9pWjgfPvzm6gsFEF4fv
Score

8^/10

collection credential_access defense_evasion discovery execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ��t�.pyc
- Size
  
  1KB
- MD5
  
  f10f8e9a4440ee692d865beef3d791f8
- SHA1
  
  1cd0ad6c913e106d59272330b661531eb27298d2
- SHA256
  
  e789f746cec5de3c3c60d7d6c857f8a77f58991df345fe71701dc51f29d537fa
- SHA512
  
  f917cc790ae4f768037120f72265536dadc9033dbf7a540544eaf0ec1075b9ef11033db6f24eeede9b13efd2623e8ddbacf90dfc0e562066087107e231305bba
Score

1^/10
behavioral2