blankgrabber | ce7728c21cccce1f5c506e33dceeaae49b797e3b4a2873940452bf5914089107

General

Target

obsidianV3.exe
Size

10.0MB
Sample

241113-yf4m3sybkh
MD5

66fcd8f921d800b034d43585c9e4aa19
SHA1

9c41e4453457a81c9cfbf5693bba1891eca2cc90
SHA256

ce7728c21cccce1f5c506e33dceeaae49b797e3b4a2873940452bf5914089107
SHA512

b1fe64a465596dbf5a071c3b96135a18a21f78f93ae6b1058c94ca35cb809ec3692c5cf8ba1130e59b45be42e5850f139381d1bb86f94fb285827b3a605a6ae1
SSDEEP

196608:JcHY9wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jQ:UIHziK1piXLGVE4Ue0VJU

Score

10^/10

Malware Config

Targets

- Target
  
  obsidianV3.exe
- Size
  
  10.0MB
- MD5
  
  66fcd8f921d800b034d43585c9e4aa19
- SHA1
  
  9c41e4453457a81c9cfbf5693bba1891eca2cc90
- SHA256
  
  ce7728c21cccce1f5c506e33dceeaae49b797e3b4a2873940452bf5914089107
- SHA512
  
  b1fe64a465596dbf5a071c3b96135a18a21f78f93ae6b1058c94ca35cb809ec3692c5cf8ba1130e59b45be42e5850f139381d1bb86f94fb285827b3a605a6ae1
- SSDEEP
  
  196608:JcHY9wfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jQ:UIHziK1piXLGVE4Ue0VJU
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2