blankgrabber | 3a613d23a2dd7cc1ee5a51cf21d84594fbe0a8e36de09377d3877635eaf23243

General

Target

BetaVoxel.exe
Size

8.2MB
Sample

241119-2rrz7syrhq
MD5

cdc48dcdb401aa3a114c93a4865333cd
SHA1

2ae2ece80e43eedfd2dcc8ed3f85291d86c1a6f6
SHA256

3a613d23a2dd7cc1ee5a51cf21d84594fbe0a8e36de09377d3877635eaf23243
SHA512

e0c93c8c08469fdb9a9785819970fdebbd31ea4857ecba09151270df447dd2022c3cfd6edaa5c12413de14a7b5326e052a5cfcbccd5a4368f0d2a2a6671dbe39
SSDEEP

196608:duYzwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j/:WIHziK1piXLGVE4UrS0VJD

Score

10^/10

Malware Config

Targets

- Target
  
  BetaVoxel.exe
- Size
  
  8.2MB
- MD5
  
  cdc48dcdb401aa3a114c93a4865333cd
- SHA1
  
  2ae2ece80e43eedfd2dcc8ed3f85291d86c1a6f6
- SHA256
  
  3a613d23a2dd7cc1ee5a51cf21d84594fbe0a8e36de09377d3877635eaf23243
- SHA512
  
  e0c93c8c08469fdb9a9785819970fdebbd31ea4857ecba09151270df447dd2022c3cfd6edaa5c12413de14a7b5326e052a5cfcbccd5a4368f0d2a2a6671dbe39
- SSDEEP
  
  196608:duYzwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j/:WIHziK1piXLGVE4UrS0VJD
Score

10^/10

collection credential_access defense_evasion discovery execution spyware stealer upx evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  �$߀�A.pyc
- Size
  
  1KB
- MD5
  
  8c9e2aab7a6f4c6cab37297c184044ca
- SHA1
  
  11bda8a5e2b6de5a18ce4a47f0837741002fc9c7
- SHA256
  
  f94d5861ee2392bb1277632045d7f9756d360cc1f0d2e27c79ee54e8ace4651e
- SHA512
  
  6e8d4027b6ddcd687989af05c7322b0ea196b6b2ddbde0bd91f156e57b6a22e88d85db8bc703eef4e8288fc19f5f09fe6a853f61d09683e45476192782f742bf
Score

1^/10
behavioral3 behavioral4