blankgrabber | 08d63046d0b7fd5e5b246a467dff0e1e2f9e45c84b3ce0979ecb6ade46f6f0e8

General

Target

Deluxe.exe
Size

8.2MB
Sample

241106-e58hsavgrl
MD5

55468161bd9a25e7163ff35fb980a516
SHA1

d8f742316568cb2f859babde4084bc6e75c818de
SHA256

08d63046d0b7fd5e5b246a467dff0e1e2f9e45c84b3ce0979ecb6ade46f6f0e8
SHA512

a795f32daf6eea34d2f70f7f9a1c4f86666ec205d8d1403f0c8aa4800dddb3f5dbbe6974742336ec8e041f02c6963c66fbf195216e0da6dab9e7e1c9b5017317
SSDEEP

98304:tKSi8QadjdTREQurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo1CTarEwc:ttUQurErvI9pWjgfPvzm6gsQCTqEF4fc

Score

10^/10

Malware Config

Targets

- Target
  
  Deluxe.exe
- Size
  
  8.2MB
- MD5
  
  55468161bd9a25e7163ff35fb980a516
- SHA1
  
  d8f742316568cb2f859babde4084bc6e75c818de
- SHA256
  
  08d63046d0b7fd5e5b246a467dff0e1e2f9e45c84b3ce0979ecb6ade46f6f0e8
- SHA512
  
  a795f32daf6eea34d2f70f7f9a1c4f86666ec205d8d1403f0c8aa4800dddb3f5dbbe6974742336ec8e041f02c6963c66fbf195216e0da6dab9e7e1c9b5017317
- SSDEEP
  
  98304:tKSi8QadjdTREQurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo1CTarEwc:ttUQurErvI9pWjgfPvzm6gsQCTqEF4fc
Score

10^/10

discovery evasion execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

3

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2