blankgrabber | 86cde2d508fd21a8bc6b07be3a4aecdc1b0ea403535b38a4f59bba82c0d7172d | Triage

Submit
Reports

Overview

overview

Static

static

Video tool.exe

windows7-x64

8

Video tool.exe

windows10-2004-x64

8

Resubmissions

30-10-2024 14:24

241030-rqn7tavflh 10

30-10-2024 13:53

241030-q66alavcmg 10

Sharing

General

Target

Video tool.exe
Size

7.5MB
Sample

241030-q66alavcmg
MD5

6a4cdfa563d9e187d86e3f95345af036
SHA1

5319190f5f82b9bfbf15ced2d3f8eea777aa5f46
SHA256

86cde2d508fd21a8bc6b07be3a4aecdc1b0ea403535b38a4f59bba82c0d7172d
SHA512

e225d7ad74845fe8dfaa2e0ad9f721f80df8701d051ccb8585078e2fcdc13c18b536c62a2e6da72bf1629d400c5e6c2815a09cd3afcea868c3b768397df56228
SSDEEP

196608:dkgFbcpwfI9jUC2gYBYv3vbW5+iITm1U6fl:TFbTIH2gYBgDW4TOzd

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Video tool.exe

Resource

win7-20240903-en

windows7-x64

14 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Video tool.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Video tool.exe
- Size
  
  7.5MB
- MD5
  
  6a4cdfa563d9e187d86e3f95345af036
- SHA1
  
  5319190f5f82b9bfbf15ced2d3f8eea777aa5f46
- SHA256
  
  86cde2d508fd21a8bc6b07be3a4aecdc1b0ea403535b38a4f59bba82c0d7172d
- SHA512
  
  e225d7ad74845fe8dfaa2e0ad9f721f80df8701d051ccb8585078e2fcdc13c18b536c62a2e6da72bf1629d400c5e6c2815a09cd3afcea868c3b768397df56228
- SSDEEP
  
  196608:dkgFbcpwfI9jUC2gYBYv3vbW5+iITm1U6fl:TFbTIH2gYBgDW4TOzd
Score

8^/10

discovery upx execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

© 2018-2025

Terms | Privacy