blankgrabber | d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff | Triage

Submit
Reports

Overview

overview

Static

static

d93a64436a...ff.exe

windows7-x64

7

d93a64436a...ff.exe

windows10-2004-x64

8

Sharing

General

Target

d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff.exe
Size

7.5MB
Sample

241028-d1hwwsxjcq
MD5

d4d15e51aea05960af4374af1bbf2a07
SHA1

a6f375da23aa2968133bfb68fd8f1e151fe66c2d
SHA256

d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff
SHA512

509e2cac45f1959a17bdc50c838b825c1568f0165ed1d89fd9d46c60ddfee06d9b85736485f14687e6d1518be3b0360126375e1fd4cec7c520fea4a7c95d8a93
SSDEEP

196608:PCgFzwfI9jUC2gYBYv3vbW5+iITm1U6fj:zFAIH2gYBgDW4TOzL

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff.exe
- Size
  
  7.5MB
- MD5
  
  d4d15e51aea05960af4374af1bbf2a07
- SHA1
  
  a6f375da23aa2968133bfb68fd8f1e151fe66c2d
- SHA256
  
  d93a64436ad81748dfeebca8d1e2396843c80d01222367e244794ce6a4188bff
- SHA512
  
  509e2cac45f1959a17bdc50c838b825c1568f0165ed1d89fd9d46c60ddfee06d9b85736485f14687e6d1518be3b0360126375e1fd4cec7c520fea4a7c95d8a93
- SSDEEP
  
  196608:PCgFzwfI9jUC2gYBYv3vbW5+iITm1U6fj:zFAIH2gYBgDW4TOzL
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

© 2018-2025

Terms | Privacy