blankgrabber | a71dab080209ce54c3cff55646b7dfa4687bb3d76c0362c00f2adc02b857e3b2

General

Target

ZaraSpooferV2.exe
Size

16.6MB
Sample

241111-v58fsa1qb1
MD5

81b3d55569eaa619bd1756b61f9e1134
SHA1

34015807cbb8ecd20143a49912df3d1077359821
SHA256

a71dab080209ce54c3cff55646b7dfa4687bb3d76c0362c00f2adc02b857e3b2
SHA512

95f5b3db6b7d0b638097fd7acb1f6740fbf29ad895b551e7d1931c5890df324f32dbfb1ebabdbf6c774dbb1a3398c714c8bc93e5283738d28a4380e2403a64ad
SSDEEP

393216:e5JS5F+oFUBTUoW6AME9jH0OIvGbsvI58L1+OyNONV/Fqyf0gstCAKY:e/ZYoWw4jHrIegvQ0wNONV4vvN

Score

10^/10

Malware Config

Targets

- Target
  
  ZaraSpooferV2.exe
- Size
  
  16.6MB
- MD5
  
  81b3d55569eaa619bd1756b61f9e1134
- SHA1
  
  34015807cbb8ecd20143a49912df3d1077359821
- SHA256
  
  a71dab080209ce54c3cff55646b7dfa4687bb3d76c0362c00f2adc02b857e3b2
- SHA512
  
  95f5b3db6b7d0b638097fd7acb1f6740fbf29ad895b551e7d1931c5890df324f32dbfb1ebabdbf6c774dbb1a3398c714c8bc93e5283738d28a4380e2403a64ad
- SSDEEP
  
  393216:e5JS5F+oFUBTUoW6AME9jH0OIvGbsvI58L1+OyNONV/Fqyf0gstCAKY:e/ZYoWw4jHrIegvQ0wNONV4vvN
Score

10^/10

discovery execution upx evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

3

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3