blankgrabber | cfcd10600d1606d39f345271772578aca4c5c489aebfc4cc870aed1036437234

Sharing

General

Target

MaiCheats.rar
Size

30.7MB
Sample

241119-vqgdrazamr
MD5

047c710104d2497188abb46450da2e78
SHA1

b792af1c6e9dbb06f2ce35d51fc8c60955b99e15
SHA256

cfcd10600d1606d39f345271772578aca4c5c489aebfc4cc870aed1036437234
SHA512

d433e019dc7da585ae08c6d7aea221b5010e9d13fcdd4c9cac41c2ce5e592244377ffc0098e41c053e4f68cc3000c2d67259468bf911f8a445e04a972e6e885d
SSDEEP

786432:43/ykuAYkRtKvqivyJYWqF/iMxgm3db9G:4wAY1v3ayskgm3db9G

Score

10^/10

Malware Config

Targets

- Target
  
  MaiCheats Loader.exe
- Size
  
  356KB
- MD5
  
  2c8e34dc56137e1cce60e29b3eb71bde
- SHA1
  
  1a6c45cb7802f7061af4b50cd721edd0269d2554
- SHA256
  
  f1925677418f8b86150c9da038effcaf554d17e06c9559d19130fb715a283ae6
- SHA512
  
  ec958011bb84c37b62bc8dbff1b1941c36add64f2af72ecab5eb2f61de6c5c3e8de0115b741b09038220cb160b14f61a714ddb4876ffa1a4c18b0be342e3482b
- SSDEEP
  
  6144:vBlkZvaF4NTBZkBT887jG8F8c30OYzmvZ/9snRZuOGh0MKPIXC:voSWNTPYT8876cEOdonuO6rXC
Score

8^/10

discovery upx collection credential_access defense_evasion execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  data/assets/jemalloc.dll
- Size
  
  248KB
- MD5
  
  cdcaa2d4874a0aaab526c52e1fff2fea
- SHA1
  
  8a6eb00b934da6c97b0dc9d2dc321843076c8987
- SHA256
  
  b147a3cc1fce8a514a558a030fe647a4a91761769eedec1c1ca2be1cd712a9e8
- SHA512
  
  270ae883818c2cea891c3efae717aa3f455c902721ad80441b0f2b28e58bf9aeba67bb1fb65d76f20d09a4c937a089ee1018439b3815b9fcdb7d7fdcce704853
- SSDEEP
  
  6144:5ISPvZG+86Mzlpb2mnk5uIXhy3hKT4W5i6wb:5n86MppbkxwKMb
Score

1^/10
behavioral3 behavioral4
- Target
  
  data/assets/jemalloc32.dll
- Size
  
  191KB
- MD5
  
  93aeb5ec9f94134784373f370d295a61
- SHA1
  
  0d3c5c4d18d9a60501bce1f586684cd2fc5c466f
- SHA256
  
  7270b1d189c68d3fb655411d0e7002bc9b131328b3cff726946e8fe16fe5b09a
- SHA512
  
  2e79b858977c6d39e4380cbee3d70b01d4d47c4291f2af6f510f222f29cca53e2de68d6c6b0cf030eb43fb60ab8807756fadae59a8583f69d0f734f9bbe6453f
- SSDEEP
  
  3072:dREMI0SsPaw8FtirHatxHkeaoPg2UYsCMGUd5liXSE0RM:PbPawm0utRaoP1dX6M
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  data/data/OpenAL.dll
- Size
  
  1.0MB
- MD5
  
  a21338306c8027ebc459c57db8459777
- SHA1
  
  dc8f7a5704164fe3dff3631c326bab7159a9358d
- SHA256
  
  1e128050e6ecd9da7a030f76b24d93a1dcb7de55b02d80cd2e2683818e895b5a
- SHA512
  
  eb80fc1924985db488175ee87389cf8ce7e851f78370f339a77ff09d7323ce5fee2e63e3562d299a6436a4d5f31cce0194fe2d1c9c4cc47809ba6d3cfb8a47eb
- SSDEEP
  
  24576:Xr0+fjUIVeMqRF/HuYDstAyAS7vUipuBuAEgFpti33Ja:PjF7qRF/HYrZvUnBuAjpti33M
Score

1^/10
behavioral7 behavioral8
- Target
  
  data/data/OpenAL32.dll
- Size
  
  982KB
- MD5
  
  bea36e6601b1b9c5dc85eb66cb438887
- SHA1
  
  aa3fa9446b7c1264e2b463bb53946718e4f8ce82
- SHA256
  
  ac63e0bc581a1fd7ac0bd2553a10913e31ff8eedfe356816dfad186c427ca5ba
- SHA512
  
  9f589c418098efc6341a536634e4a59a7fad22af6f83042c101f22da524fd89057d4eeb420986e22a9499a2690938da15203e9dad0e0e57571a800bfeaa418dd
- SSDEEP
  
  12288:oh6tnSOepf4az4/DZMyLt3r4BZ7cgDT2h49aUydbyaQ/0Z0x/5MPYjUdFpti3pxN:ohTzKukl8D2hZpuBuAjgFpti33/NL
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  data/data/SAPIWrapper_x64.dll
- Size
  
  83KB
- MD5
  
  214a0bc5ae5882495d94f7779d64b323
- SHA1
  
  c4a293116e7531d950db2d5ea737e61a9912b61d
- SHA256
  
  a8b701f1ed640bfc7e842f9bc07dd493fad3284f15bc1fa9dfc15371733d6326
- SHA512
  
  0da432d50569f753c0c9831b8854732c0e23fb382ef36d17a1d460e8e4c431495ce0358cc658da87d19e39c58230370423a58adabdf3f92a578a2279d84a7e58
- SSDEEP
  
  1536:/0tGA00KTHlHZeCbxnnQOzAGg1wsWjGpRsBQ+8/iJyzfGdc9dlVkloExc:/0tgTTFHZj9nnQOz1I0GpRsBQ+8/iJyZ
Score

1^/10
behavioral11 behavioral12
- Target
  
  data/data/SAPIWrapper_x86.dll
- Size
  
  70KB
- MD5
  
  3d47e750e4ec109d441a427ab8b37614
- SHA1
  
  70e85ab3f880a7c3d5f0a9aae0f65661cb8af5a6
- SHA256
  
  fa69dab9c06f3cdeb8bd7c1b017fb072ba4262682ea21a2e723f00a78f86dc29
- SHA512
  
  c24579b0ec34bae0533997b3b4511fd3d590fce0d7881e6f6cda3c763437ecf525aabc203a6dbea4b3c912c3d4f989580ffe2021e9c482fa65d3f53117fe4ea5
- SSDEEP
  
  1536:Gw3pkA45KEsgSCd5m89ZqQQ4hxsWXGcd38haRoD:asFwHx1hj38haRG
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  data/data/lwjgl.dll
- Size
  
  439KB
- MD5
  
  310adc26c92b020fb6d2944092d81312
- SHA1
  
  d01410449d2402a952e9a6063699f1868196883f
- SHA256
  
  207fcf6f27e60600772d202f52ba00edcd085048da30523d3ac03092dd30f873
- SHA512
  
  db4c6f1c8accea57ad395be51f3fd673cd5577b955ea5051ffd2269c1fa62437e18753104499ecd0af954fd5fc6a9478a13f499f68dc1e12295823f7120ede2d
- SSDEEP
  
  6144:02gUXvUg6HVz/8rCkEZK+rY1ELoR18+D:02gUXvUnF/m8VNkR3
Score

1^/10
behavioral15 behavioral16
- Target
  
  data/data/lwjgl32.dll
- Size
  
  419KB
- MD5
  
  b8ea778d75b1150ec0eec59d764e57cd
- SHA1
  
  a7aa4fbaa375fd39c4cb8eabeef45b44d5848bcb
- SHA256
  
  8c9490c5267a615bf0d90a84066628791a453aa30abbe86a8424281b8cdbfc79
- SHA512
  
  38e10e2cca2079dace6c4f1089d453844cf2b9eb65b0cd01800b478bfcc6117098366ef8547af71fc13d619574ac879ff259698c2d45023ca4a9214616f33495
- SSDEEP
  
  6144:7s1xf0LNGSd4e1uakLRm8KMbh23nuR+BF2QTX/MhV7:7af0LjDlk88K4yho7
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  data/data/lwjgl_opengl.dll
- Size
  
  333KB
- MD5
  
  780ed18868c28c0c249379982ea3297a
- SHA1
  
  8e9836dd0d1691356db654aa02533ad80e9bf52c
- SHA256
  
  92aec0f2b142a56ad8f361919ee0e6b387c92269efc9645071db6561ae9b6324
- SHA512
  
  430136fa22df4753c460ba4f3bfe18f9be1b1d0f0b59deedb9d5ba1e1db54ae5da3a74c3951eb59ae0b8760b5b6806373a76811c5b6f69f18bd966978f5d0e1f
- SSDEEP
  
  3072:4LVyef0be4PP+OI7RSW3Dm/W99vMdvBAoF/5OZX2lh2mH3+F5Tye:MVrQnXrW3iWCaZeO
Score

1^/10
behavioral19 behavioral20
- Target
  
  data/data/lwjgl_opengl32.dll
- Size
  
  316KB
- MD5
  
  68b37c18052fb770e77477e1e53a3428
- SHA1
  
  2e0fe073b23ab972af00025097efcfcb446d927f
- SHA256
  
  8fc4d3f3c0e0a7114f0caec7f2e734fec7e7294ab33696f1557a01e86c0ff128
- SHA512
  
  bd49a00e8e162f1c501649f71fc0a73ca72b7a433a654ab4dd19703d75f7575f195efba9bda1f2f9246f171a0e562972024cf65135c4f774adccb8c10e031561
- SSDEEP
  
  6144:hET0PjEp8p1PWjIe9Oz+0zHWIXYtrR9A5:CWlWF92
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  data/data/lwjgl_stb.dll
- Size
  
  488KB
- MD5
  
  236817b9ba4f101e25518f1158b7691f
- SHA1
  
  8b047fb3f6c31946fe33157e7912ac31595cd3b8
- SHA256
  
  64b424ce5142ce23b43e2e2bc5cc8543add7c0037a151b279e4e17aa7f7600a0
- SHA512
  
  bc5624cc4b08f75247ff6c53f737be9938199273a45065a8fb05b6057aa7bbd1a39a1b59adb86d952a2680080dbb1ef3483a8e054029f0bf62395e0c551dbe9c
- SSDEEP
  
  12288:kJ3JRsrmLj3DyaVfBrWFWplDFRWeotDqR:UngmLTDyaVJrWQXDFgeUqR
Score

1^/10
behavioral23 behavioral24
- Target
  
  data/data/lwjgl_stb32.dll
- Size
  
  432KB
- MD5
  
  a0e616c8b75575f45497864d650005ec
- SHA1
  
  1c28819763f77cbb4593a95b1cbb0999f136695d
- SHA256
  
  1907bb0e022628fc624d7c3b002e9b79e056d789d6c7578f7f046ea414ac16d5
- SHA512
  
  04cba7e7fb2c87cf5f4a9ab6f68eb0f6e8d32c3841a0a68505d7b612f1a52387b423069fc3732036c5cbabc8e933c429f6d8820ad3d50b293d0fb2a06de3c83f
- SSDEEP
  
  6144:e9HIdmzLf0gDa0lhSSwGEZ5FIh/wqdmJsUWcZEfupWGhAOcsxz:6HI0Lf0SxlhSxG6gwYFUWVfIhKgz
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  data/data/lwjgl_tinyfd.dll
- Size
  
  209KB
- MD5
  
  5dc7452c51330beb7a178d7093cdac49
- SHA1
  
  ec0fd8007afba6697d5b3b8249b5be27096a0ce8
- SHA256
  
  696a87865bf27f2cb9bc866e6d75e1a4ee3e8c469180cb9f8ebb90a2af876d10
- SHA512
  
  a671123d7ea2f5dd2f307e19627b456b7a1fe62920c64cb08fdcc4be5f0ba017c5b72a0e9ba428fa5996a82584e039818bc41051b7e883d70252b69926f82716
- SSDEEP
  
  3072:7+Oyz6WBIDhWW3gDYP1EKvqotQZGXNKSMYghpYCS1DQmdJQFACZ1sai3Uzz2KC:7+zxShWW3gDYtC7cXfMY63S1ag/bK
Score

1^/10
behavioral27 behavioral28
- Target
  
  data/data/lwjgl_tinyfd32.dll
- Size
  
  178KB
- MD5
  
  ae277b62653af1bdbb27b73ea98970bb
- SHA1
  
  079540a19727772f056cd80535e9645a674190b4
- SHA256
  
  432b6f80da7799b582178996575953da2eddfbff6bfef3202724eb4f85a10ffc
- SHA512
  
  37bf032cb8249973953a8f190e97c664dc99f83b232997bffd0fd677e3913ed2961fd9c116f64ee04c45d9e0e62e200bd814f95929d62d16a1b5eddffa351f19
- SSDEEP
  
  3072:6R4pzFYxU7Y1YEdDv7WB8Y8FLhYwBJ+2FBP1AUbUsPZnk7SWzs7yZu/SjXXQKzR:oyzFztEd/FY8FFYwC2LNAuPZkzsj/J
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  data/glfw.dll
- Size
  
  347KB
- MD5
  
  532f9686b0b55b3d7cf9f6733f29ba28
- SHA1
  
  9d95a8f52cbd48ab87937714eb4fd2129ed10f0a
- SHA256
  
  7cc30e89f7fd61ca8532b4ecb9e05598cf426d0a336bc382a128e28b824a8962
- SHA512
  
  6e6fe022238e69565fed6cb85fa74b913aed187487da4133a3e14b7eca230bbf5d70c8ab88d02b15e68a0a10549130ff2b0f2eb7d85ef3af8f92218327cfadfc
- SSDEEP
  
  6144:BzJVXAXWofCvG4AnlKVGb8Z7ESBI5yTAdj:BzJVQXW6CvFAlOxzG
Score

1^/10
behavioral31 behavioral32