blankgrabber | ba9ada271c0e3bb2c53762c41a19f414811f8b3079e107adbb64edbed4b45b53

General

Target

shark_botnet_c2.zip
Size

6.8MB
Sample

241115-yj3j7a1bla
MD5

bf52fb2803cc805f797b2f00ceb4260d
SHA1

6724edfefaaa0ac387d6f7bfae9ad6280eb6908a
SHA256

ba9ada271c0e3bb2c53762c41a19f414811f8b3079e107adbb64edbed4b45b53
SHA512

396880f658cb8b7289332db46b88a89a89dd3613295b5fb6919a1919607438b70054a2909cebf5f9f563485701f3176ecf4de6c7da728d4eba5775bdb06573c6
SSDEEP

196608:wPjxTGiNv++tfZT1dKp+nK6kbQ3sxInFWt:wZNvttfZTiUtkU3scO

Score

10^/10

Malware Config

Targets

- Target
  
  WinDivert.dll
- Size
  
  15KB
- MD5
  
  1b1284100327d972e017f565dbecf80e
- SHA1
  
  5b4f0c122a80478973eb6f9cb3bbcaf186295aea
- SHA256
  
  9444a6e6b66f13f666f9c60d1935824f61c7256e35a8cf0440e29baa7fbe42c7
- SHA512
  
  4ccb9e233a3573f6eded0efa8fa54ed929818394cdf2153623d902c749d37751da6f489354aa50968e53d42d5ce339f6368dedb7858a4ff43a1927b4338954a4
- SSDEEP
  
  384:EHGiP0PYf9pHuGvATXlQRNq/EbUKxcneWuDlE:E9MQf90GvQXlQvAEcehD
Score

1^/10
behavioral1 behavioral2
- Target
  
  WinDivert64.sys
- Size
  
  37KB
- MD5
  
  3bd5ac2e9d96e680f5dbdd183a58c47d
- SHA1
  
  83b08cb5e61c7b37bd710ea01196a26fc8f38610
- SHA256
  
  208c092fe77f161c5a313b916d73fa7f6d10dd289bab8bb5dfb3d59aacb27f25
- SHA512
  
  6cccd7971f423f72f5dbd01a83a2d27bb2bde63c4d1f5e127d77cfa0df85c289a2c3cd95c110ce38b58b9ea9a49aad18ae50f352ac6b21740d0294f771fbcb78
- SSDEEP
  
  768:R5VorUqgJs3/KtdrbYiZdNSRUYjbMUYOUaCdHUZ9fdCrYc:vVorUn9cRUuILLd07fdCU
Score

1^/10
behavioral3 behavioral4
- Target
  
  sharkbotnetc2.exe
- Size
  
  6.9MB
- MD5
  
  54797b3e8dac7850a1985866ae500b0d
- SHA1
  
  faf0cba6cf510d7bf907a3802506c778381d58a9
- SHA256
  
  5e745e0b505d56d135db62d1fb40168905eb7492b75eaa58a8fcea7f9f6e602b
- SHA512
  
  787741afee2c9795ac05ce35862aa37a656cfd96edee4324997fbd62cc143559dded94cd08732ce981938dcf3375d77754cd3efb45f719fadec6a9338fdf6ae2
- SSDEEP
  
  196608:4aV1FiHB6ylnlPzf+JiJCsmFMvcn6hVvv:AHBRlnlPSa7mmvc+H
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6