blankgrabber | 068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d | Triage

Submit
Reports

Overview

overview

Static

static

068ad2d85a...2d.exe

windows7-x64

7

068ad2d85a...2d.exe

windows10-2004-x64

8

Sharing

General

Target

068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d
Size

7.7MB
Sample

241105-ybqweswpe1
MD5

d014887bdadda019ba8f2e67fc0ea72a
SHA1

6bb73cdda0f674c7320a9a9bf69ab31245430908
SHA256

068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d
SHA512

89f4e247663d014007b03bcaf83f834380caecf4e742216afd7b79d200b41354440f8cc8a7cac9beacf737a03a2c1900f7a42a683f225e3609b1e1774242252d
SSDEEP

98304:GRNzHqdVfB2T0S27wHn2ByuT/9vUIdD9C+z3zO917vOTh+ezDNhCSpXq4JvmJ1nV:GPQsT52BbT/9bvLz3S1bA3zCSEpn97Yc

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d.exe

Resource

win10v2004-20241007-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d
- Size
  
  7.7MB
- MD5
  
  d014887bdadda019ba8f2e67fc0ea72a
- SHA1
  
  6bb73cdda0f674c7320a9a9bf69ab31245430908
- SHA256
  
  068ad2d85aea37b7fd2f4c353ccf9001fbcf266a37a66db6379f70a82caae22d
- SHA512
  
  89f4e247663d014007b03bcaf83f834380caecf4e742216afd7b79d200b41354440f8cc8a7cac9beacf737a03a2c1900f7a42a683f225e3609b1e1774242252d
- SSDEEP
  
  98304:GRNzHqdVfB2T0S27wHn2ByuT/9vUIdD9C+z3zO917vOTh+ezDNhCSpXq4JvmJ1nV:GPQsT52BbT/9bvLz3S1bA3zCSEpn97Yc
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

© 2018-2025

Terms | Privacy