blankgrabber | ef4cf2826149284b8723f3422440cdd15f9e9f23b978e2b7bf114e6d4a1b08b2

Sharing

Copy URL

Twitter E-mail

General

Target

Vvv.rar
Size

71.7MB
Sample

241102-ryvdsswhra
MD5

a5510138a8465c0a5bc5abe48b419b65
SHA1

8381061a021294416708645e438f8499489d2294
SHA256

ef4cf2826149284b8723f3422440cdd15f9e9f23b978e2b7bf114e6d4a1b08b2
SHA512

1994d72ca7a7946f403f5537d8f7262587a943939b36de9951bb8e99ae810abebbc211ee83180a27efb11bb99fa43aeb33426bf7ddff80669351e8d7d5d18e9a
SSDEEP

1572864:OUFqCMeZBZyjbbbcrEXVqX7WXHT0X2/lvcgo65Hs5JOEHU4ZGJjZ7niDww:OUpMuH2bbAYXVB3wOUgc5JOEHijliMw

Score

10^/10

Malware Config

Targets

- Target
  
  Vvv/betaa/betaa/backends/include/httplib/README.md
- Size
  
  22KB
- MD5
  
  d29f2e563571e191aa6491cc8ed4c1db
- SHA1
  
  24a3b118e37bbbd1a985f9484cc285fa0edf7110
- SHA256
  
  9de688f48c4be2dd3f7f0f67d33d718a2f154b988099baa0064dd51239d85a9a
- SHA512
  
  e5b19ec91e8981adbaae5b94fb30a89d9ba25c650aa9e4f57353be945d1d9be08f06a6fab8f22ec99296539f114e34b22cfd281eb543c933a27447922b20d04e
- SSDEEP
  
  384:5WzZNubQeNC0KOSzWBUZN7j5NjEbTaO6+5vLt2AO+fvX4Uw9tC:5WzZNubQ1mBUZN4q2vJ2WoUw9tC
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/split.py
- Size
  
  1KB
- MD5
  
  27ab5484b713bdbea38e827a719be90c
- SHA1
  
  912ca047320cfa917748ce0068dcf4bbadb73898
- SHA256
  
  b0809088aab7733e50606ad8250fe851ea12ec9381e896fc12969d0e1d3e124f
- SHA512
  
  0091e3a01c3d66f92916e8a7e788b6cb1d628d2fe263092f1cafd67bad2cf91302009c1f132e83d0686a06b819cb3fa9b335148073522eb4090c775432ea28a5
Score

3^/10

execution
behavioral3 behavioral4 behavioral5 behavioral6
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/test.cc
- Size
  
  208KB
- MD5
  
  039faa62b783813dfdad4f312f252a6b
- SHA1
  
  064e917e2dc5c52c4535b91e0ae639f886dfb6a1
- SHA256
  
  f9f0d804bd773e92813feef8828c816ad9a6d7dfc26101bc0a495f4f72c4cbf6
- SHA512
  
  1e2ff9fcf287877fe9fc0e5c9468b7469b10ec6a1bcb68a81f851d877a0bf75539e6064b464d68be924655f32c9e2fe754320fcb32f9a6a698ff4d8f2249fa80
- SSDEEP
  
  3072:O/3YpDpcoajq/sTyXONt8F4KbAiTzTI6Iq7RgZlO:O/3YxFXOjaTzTIDkgZo
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www/dir/index.html
- Size
  
  104B
- MD5
  
  aef30cf746db10a8fd09ab6bf6b701ce
- SHA1
  
  208361e1686e97df83bd2a47eddb6339e6c2d0f2
- SHA256
  
  c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
- SHA512
  
  6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www/dir/test.html
- Size
  
  9B
- MD5
  
  eac0a7ec83537763d3ba7671828d0989
- SHA1
  
  5017803b9ee9b00cc52db4a18a64b71cfc076fd7
- SHA256
  
  f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
- SHA512
  
  e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www2/dir/index.html
- Size
  
  104B
- MD5
  
  aef30cf746db10a8fd09ab6bf6b701ce
- SHA1
  
  208361e1686e97df83bd2a47eddb6339e6c2d0f2
- SHA256
  
  c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
- SHA512
  
  6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www2/dir/test.html
- Size
  
  9B
- MD5
  
  eac0a7ec83537763d3ba7671828d0989
- SHA1
  
  5017803b9ee9b00cc52db4a18a64b71cfc076fd7
- SHA256
  
  f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
- SHA512
  
  e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www3/dir/index.html
- Size
  
  104B
- MD5
  
  aef30cf746db10a8fd09ab6bf6b701ce
- SHA1
  
  208361e1686e97df83bd2a47eddb6339e6c2d0f2
- SHA256
  
  c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
- SHA512
  
  6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Vvv/betaa/betaa/backends/include/httplib/test/www3/dir/test.html
- Size
  
  9B
- MD5
  
  eac0a7ec83537763d3ba7671828d0989
- SHA1
  
  5017803b9ee9b00cc52db4a18a64b71cfc076fd7
- SHA256
  
  f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
- SHA512
  
  e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Vvv/betaa/betaa/backends/protection/protect_x/SDK/obsidium64.dll
- Size
  
  324KB
- MD5
  
  0871abdad28adda93509c0baa346416f
- SHA1
  
  fd3ab480335ee1d42cfb939cc95fbcfa3fcd7133
- SHA256
  
  90f210b79538e41e21d918208665f1cbe8bd0b5a48a96431a8cf90ad505c75b8
- SHA512
  
  14f48806134c1472ea82419a24632ef9de69cc6e80ed2b1c9e54b931735dadad0c4dfd48eceffe260297ecb1f9308e75a4eca01985a4f5d1cb1c6134676c1b8a
- SSDEEP
  
  6144:uaaUAfzrrA3Q5svEm81s70OOSL9ZIgv7dIPvrHV6p:uaan3E3hECaSpZbDdi7V6p
Score

1^/10
behavioral21 behavioral22
- Target
  
  Vvv/betaa/betaa/frontend/roblox/classes/classes.cpp
- Size
  
  33KB
- MD5
  
  554f1d2b89b0533a5473d32d73ed8428
- SHA1
  
  c24bfa51a371d6ea68477a9ce757e404a279108d
- SHA256
  
  2462dec4cdcb8f695f9bf7c3337c5768365428898691edb802965c04f9c2ae48
- SHA512
  
  641d788840f40e7c161b6a5b7da1e43e9a0444b05a1f94286f0af2ba058fa6922cbee0637d5de65b7bc38406e8c8a2f411a8738fe78056d28cb21b66afb884a4
- SSDEEP
  
  768:7smlqyR6kUVtNphfGAnJNLfyGIcUl0vRyLDKv:7B8Jhfv
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Vvv/betaa/betaa/output/KernelMapper.exe
- Size
  
  7.6MB
- MD5
  
  de2184455261fe1ffb2cba15509c1c54
- SHA1
  
  1dfa4bc9672657972505c83b6d5b9813b0c97e08
- SHA256
  
  39faa548d1b841b8a4830651d8ad95acb8c97239993e9d37894281e97c9da64a
- SHA512
  
  fdcf73f4bbda7c6c44d2d08a079fc8a83859d6404cffd512499d846c32bbf170609217bfa75117a2946f674b1af2d1bf3021397870a4fdb353a706413a38b36f
- SSDEEP
  
  196608:IFHYY7wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jK:5IHziK1piXLGVE4Ue0VJ2
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Python

T1059.006

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26