blankgrabber | f4d4286a5b93621dac280247aa449c39a018aa4295e6f2c6a8dc80dfcfa64bf7

General

Target

nezurr.exe
Size

7.5MB
Sample

241119-21l6bavbqg
MD5

92c47cbd15a6099a4da50d726015508c
SHA1

91e8ab7d6c699f8ed8247705d03cec2c3d9b97d8
SHA256

f4d4286a5b93621dac280247aa449c39a018aa4295e6f2c6a8dc80dfcfa64bf7
SHA512

00f7b1ff896e034108c4e66812605dbbcf3eaef712823a561ffc642282b45a5838bf706e449b42381f794ccb0aa74e41fcc72ecfe28b5e37e31fff24800e3946
SSDEEP

196608:qWgeIvwfI9jUC2gYBYv3vbWvGPI63p1e5zf:CaIH2gYBgDWgpwVf

Score

10^/10

Malware Config

Targets

- Target
  
  nezurr.exe
- Size
  
  7.5MB
- MD5
  
  92c47cbd15a6099a4da50d726015508c
- SHA1
  
  91e8ab7d6c699f8ed8247705d03cec2c3d9b97d8
- SHA256
  
  f4d4286a5b93621dac280247aa449c39a018aa4295e6f2c6a8dc80dfcfa64bf7
- SHA512
  
  00f7b1ff896e034108c4e66812605dbbcf3eaef712823a561ffc642282b45a5838bf706e449b42381f794ccb0aa74e41fcc72ecfe28b5e37e31fff24800e3946
- SSDEEP
  
  196608:qWgeIvwfI9jUC2gYBYv3vbWvGPI63p1e5zf:CaIH2gYBgDWgpwVf
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2