blankgrabber | 201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59

Sharing

General

Target

kiddionsV2.zip
Size

8.4MB
Sample

241120-brk9jsxcjc
MD5

427ba211b9c4ab3f3a49a085d27e9b42
SHA1

c3f06ddafa34468caf2e89d2b3813e45fa5dd737
SHA256

201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59
SHA512

87eb8aadb40304b037b9e3681020f40ac32e474c786cfb7fffe994c29f6002c9bd44bf487c52450617a0fcf1cf3b30cf8e04f8ebf0eed016cfded0e4dc0460d0
SSDEEP

196608:5o69w07B/TREtRjh8b9u31wF+QkTKjezNVt3XYr/kSCxPzGlsZLIISJ:5oS7hg18pul++QkejgPt3Ir/5bISJ

Score

10^/10

Malware Config

Targets

- Target
  
  kiddionsV2.zip
- Size
  
  8.4MB
- MD5
  
  427ba211b9c4ab3f3a49a085d27e9b42
- SHA1
  
  c3f06ddafa34468caf2e89d2b3813e45fa5dd737
- SHA256
  
  201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59
- SHA512
  
  87eb8aadb40304b037b9e3681020f40ac32e474c786cfb7fffe994c29f6002c9bd44bf487c52450617a0fcf1cf3b30cf8e04f8ebf0eed016cfded0e4dc0460d0
- SSDEEP
  
  196608:5o69w07B/TREtRjh8b9u31wF+QkTKjezNVt3XYr/kSCxPzGlsZLIISJ:5oS7hg18pul++QkejgPt3Ir/5bISJ
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  kiddions/KiddionsV2.exe
- Size
  
  8.3MB
- MD5
  
  8ff98e2147316eb4fd3cef7eaa9f24b7
- SHA1
  
  53baaae552a2b0d71c43623592685e8b7d33f522
- SHA256
  
  f0f11202a1ed2c0cfd3f697b8f928d77bd187b2911b186a5a095a9189a07afea
- SHA512
  
  de5efe8949507344db174975a40a2d3793108282cebd662f927c11382acb3e37634e2368131206920df4c7a430a408e878d900b12ddee91dbf7bdf6ec555ebe4
- SSDEEP
  
  196608:mrP12cEziRLjv+bhqNVoB8Ck5c7GpNlpq41J2Uavbk9qtlDfqWp:W7rL+9qz88Ck+7q3p91JnqfqWp
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  g�rWQ.pyc
- Size
  
  1KB
- MD5
  
  e1e52c964e024c05858513cfa2ed594e
- SHA1
  
  89f81b63d3f50c8ec58b47f4394baebd56588a3f
- SHA256
  
  3e4d4bcb9bb84b68e79354ace521d587e744e4acb418f38f2268173f97cbb597
- SHA512
  
  d3ba481389c41fd126750201731241f5090fe5876b945d86d339c058d73df5cac69c7b4093524bb2f88f491d91441a33c8c8b2328a98b9d903bb134af8259aab
Score

1^/10
behavioral3
- Target
  
  kiddions/config.JSON
- Size
  
  3KB
- MD5
  
  adfe54c12ad0c49436cf3e2072ead029
- SHA1
  
  6f946f5ef3c0f04e3edaab11cc5f6fe3bc591e3d
- SHA256
  
  71423722f65e1501a0eea0faedbf20715a3dab3a22e6578988d6e8942f521c6d
- SHA512
  
  b88ec0763b0746b3ae99e563a0d97d27e1de709e7bf61eec5800788bb7b1021a7c20af92f97cb85df1f630ee25026df327a56df4e3be804f536fa928b67d1b7b
Score

3^/10
behavioral4
- Target
  
  kiddions/scripts/Money Drop Script for v1.67.lua
- Size
  
  739B
- MD5
  
  df1025f06ac6ada8bb7be3c559737297
- SHA1
  
  87842eb75db5a7c5ecb44833fdc6da0e45c50777
- SHA256
  
  04f1c48d592b774ce5236e1df682bcb5d8f7df4413c247b461bc5cd4184c2dd0
- SHA512
  
  4bf795e21cad650fc20c6636cc2ce5f50ca78ae177d9481a9310000f75102ca6068702c3641c3742a3bfd822207826b15d463d5777fb360d39c7839283dac634
Score

3^/10
behavioral5
- Target
  
  kiddions/scripts/Readme.api
- Size
  
  24KB
- MD5
  
  36754844e4b9d76b810066b529af0e5b
- SHA1
  
  da8c4031d42ae41a796b409d525883b71c23bd0f
- SHA256
  
  668a8e8430485417796ea563eb97fd366fdaa2f7fc6769bf5a18626f19aef1f6
- SHA512
  
  5e0eba72a25c4d8f9727bf4ec2f3ae7dacd71b34df710bb7daf41c5f3dc6ca08473de783580d0b2982831f93394dcac485c9980f46af6973af96aeb03e9de659
- SSDEEP
  
  192:qNzc4v05Feq0hHBjBCpGjem0uezAsNpGlbWXxX5IS+wwSgU0FXxZujFS+JraytK2:h5ChWGjemBZWXxX5MO0FrujPJreOi4
Score

3^/10
behavioral6
- Target
  
  kiddions/scripts/Silent_Night_v1.68.lua
- Size
  
  260KB
- MD5
  
  7a9f063f39043bb2f0c247180a033e2e
- SHA1
  
  1377d19d29d0ae013577a873ca38825ef29ad498
- SHA256
  
  5b079afe3678781617dcfd19235f14dc9c1eb9c9fccd5ec82bdbfdde09099ab9
- SHA512
  
  ccf8f79282abab2474bf9ff2f5c6303895b1f6ac4f3ba84f8439e0f6f3c6e42b17fb9a83525a886f45d9db04effe6eb13a2f642f4df61a894c1b7c84ec8a0de2
- SSDEEP
  
  1536:CXDRCTI1MxqvlcCFIKcL4OAuYq7LhLYuBUi2SO5GjcFYWUwWGIkeD9Z0jiK1FxiU:QDJlcL4OA76LFY1i2SOg/0jiK1FxDVmE
Score

3^/10
behavioral7
- Target
  
  kiddions/scripts/Ultimate_Menu_V2.1_1.68.lua
- Size
  
  809KB
- MD5
  
  5699591d3f5e1a3ddadc6c27239601d5
- SHA1
  
  d6d266db15662a7c1544e36c314d992d3c012543
- SHA256
  
  a1221cebc62e211ae4f5f6b7d3a7c6f0a4200072795096dc4622ca5c12b9649e
- SHA512
  
  abb66d92eeca41ac23830c26baa0af0a7ec07edd58f1ac6aa2c22a9654578d71c2055e766c6b4d4bdb4d561ea2455363a55528e781c8a02c567fce49baa87ae2
- SSDEEP
  
  24576:3zd8Pzd8iLq49T2n4dPtImI6W4LePHOtgYnXFtgYnXdToABRO:ALq49T2n4dPtImI6W4LePHOtgYnXFtg3
Score

3^/10

execution
behavioral8
- Target
  
  kiddions/scripts/demo.lua
- Size
  
  429B
- MD5
  
  a0cdff1f4eaf5af121513b9885295341
- SHA1
  
  e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97
- SHA256
  
  f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea
- SHA512
  
  1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd
Score

3^/10
behavioral9
- Target
  
  kiddions/scripts/menu.lua
- Size
  
  1KB
- MD5
  
  9596bef3ecd38e99364eb58e56cd49be
- SHA1
  
  676b733db5bb30bdb7824024a1c2fc045a27b4f1
- SHA256
  
  4a7d7886622501f6b6728a0e9860fe81a1c90fd0e5f2fbe7ff94524e05e0b6b8
- SHA512
  
  f2d1b11964181b3017f12f381bc241688f18efb3901acd6697ce0ba462693ac947e1d576d88de08b8e8798680cc4e640c5ec1aa4b2a0f4ad6739904f48ce7665
Score

3^/10
behavioral10
- Target
  
  kiddions/scripts/sirius.lua.example
- Size
  
  468B
- MD5
  
  1fdd7bce4f24c51ec8267d7fe65b265e
- SHA1
  
  4f247776830fb30cf816f227f13d3645b8d3aa6d
- SHA256
  
  d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d
- SHA512
  
  4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4
Score

3^/10
behavioral11
- Target
  
  kiddions/scripts/vehicle.lua
- Size
  
  306B
- MD5
  
  1eceb52600b875b85a169687fb62ed1e
- SHA1
  
  2d13ed39f1d757af9a5d07790065cc8c00c4984b
- SHA256
  
  0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b
- SHA512
  
  23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b
Score

3^/10
behavioral12
- Target
  
  kiddions/scripts/weapon.lua
- Size
  
  277B
- MD5
  
  402a9279c76afb2c5977cf97d270c3d1
- SHA1
  
  4cd6474f3cbf9c3ca26277d5691460e8744aae59
- SHA256
  
  20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14
- SHA512
  
  7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db
Score

3^/10
behavioral13