blankgrabber | 1c0506799356c8dd80f5a52c23e28551bd2c4b0ba0f7020360846f211c041c15 | Triage

Submit
Reports

Overview

overview

Static

static

exstiction.exe

windows10-ltsc 2021-x64

��.pyc

windows10-ltsc 2021-x64

Sharing

General

Target

exstiction.exe
Size

6.0MB
Sample

241106-x75h1symeq
MD5

4c44f4daa87e542951558f9387cde925
SHA1

7eb343d48fe29419114f19f92901a22806d7284f
SHA256

1c0506799356c8dd80f5a52c23e28551bd2c4b0ba0f7020360846f211c041c15
SHA512

14a41a27e2353327fd6bf1d87a8ba9dd9b72253f429ba535484366b74a70d3f61fd740da3d26fc55950b6e1f023fb8a9d0ae53e7a76688f4a92b1816f2397ecb
SSDEEP

98304:74EtdFBCpamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RDOuAK4kJOyD:7/FIkeN/FJMIDJf0gsAGK4RCuAK4WVD

Score

10^/10

blankgrabber discovery evasion execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

exstiction.exe

Resource

win10ltsc2021-20241023-en

discovery evasion execution upx

windows10-ltsc 2021-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

��.pyc

Resource

win10ltsc2021-20241023-en

windows10-ltsc 2021-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  exstiction.exe
- Size
  
  6.0MB
- MD5
  
  4c44f4daa87e542951558f9387cde925
- SHA1
  
  7eb343d48fe29419114f19f92901a22806d7284f
- SHA256
  
  1c0506799356c8dd80f5a52c23e28551bd2c4b0ba0f7020360846f211c041c15
- SHA512
  
  14a41a27e2353327fd6bf1d87a8ba9dd9b72253f429ba535484366b74a70d3f61fd740da3d26fc55950b6e1f023fb8a9d0ae53e7a76688f4a92b1816f2397ecb
- SSDEEP
  
  98304:74EtdFBCpamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RDOuAK4kJOyD:7/FIkeN/FJMIDJf0gsAGK4RCuAK4WVD
Score

10^/10

discovery evasion execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ��.pyc
- Size
  
  857B
- MD5
  
  c36da36a8d75e0db87bba25a01a986c3
- SHA1
  
  0678f517001020c4f45b130b6b7a6e4a69e7c86e
- SHA256
  
  6365a9a8dd9e07d4e1c0c93784086fc532c9f2896b339158a95c3b0273c25af6
- SHA512
  
  05fc7587691abdd1119d7339d4b291825f0be8a5c5d970994e26337866f2ee468c5b420fa6807f53a616242259d05d4a8139ccb4d85c9dc12455b6acf0ee44f1
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionupx

behavioral2

© 2018-2025

Terms | Privacy