blankgrabber | dcd01ef17cf8041120888fa94db1b052a5e24e5e10f04f13a491898eeaaa1455 | Triage

Submit
Reports

Overview

overview

Static

static

HiSpigItsC...ge.exe

windows7-x64

7

HiSpigItsC...ge.exe

windows10-2004-x64

8

Sharing

General

Target

HiSpigItsChaosImJustDoingThisToShowThatRatsGetAutoNukedOnTriage.exe
Size

6.7MB
Sample

241026-x32lkawlgx
MD5

e56e84716421003417dfff63cb4958f1
SHA1

5b34c05dc8474b7dd349b537fa32820bce9a6b3b
SHA256

dcd01ef17cf8041120888fa94db1b052a5e24e5e10f04f13a491898eeaaa1455
SHA512

ad354c1356cbc95d1f6e491677515cc7c1280ee56e9254a3fae05a7623d1cad6a3d6fb53c67210c50ae493c1ec072e412f561aeca7dc4f6045adbb752c9e608e
SSDEEP

196608:YiFhm/AeN/FJMIDJf0gsAGK5SEQRfnAK7dCG:lw/Fqyf0gsfNfAKX

Score

10^/10

blankgrabber defense_evasion execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HiSpigItsChaosImJustDoingThisToShowThatRatsGetAutoNukedOnTriage.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

HiSpigItsChaosImJustDoingThisToShowThatRatsGetAutoNukedOnTriage.exe

Resource

win10v2004-20241007-en

defense_evasion execution upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  HiSpigItsChaosImJustDoingThisToShowThatRatsGetAutoNukedOnTriage.exe
- Size
  
  6.7MB
- MD5
  
  e56e84716421003417dfff63cb4958f1
- SHA1
  
  5b34c05dc8474b7dd349b537fa32820bce9a6b3b
- SHA256
  
  dcd01ef17cf8041120888fa94db1b052a5e24e5e10f04f13a491898eeaaa1455
- SHA512
  
  ad354c1356cbc95d1f6e491677515cc7c1280ee56e9254a3fae05a7623d1cad6a3d6fb53c67210c50ae493c1ec072e412f561aeca7dc4f6045adbb752c9e608e
- SSDEEP
  
  196608:YiFhm/AeN/FJMIDJf0gsAGK5SEQRfnAK7dCG:lw/Fqyf0gsfNfAKX
Score

8^/10

upx defense_evasion execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionexecutionupx

© 2018-2025

Terms | Privacy