blankgrabber | ec139b5ea1970240ce1cc9ed8c746f3d7213f93437aaf688b3bd61067db04fab

General

Target

Built.exe
Size

7.5MB
Sample

241124-zrghcsvpbl
MD5

aa87683fe01b6d45f2af3c29ba04cbc1
SHA1

5975f043228e1b8e546bd15918d653013179f339
SHA256

ec139b5ea1970240ce1cc9ed8c746f3d7213f93437aaf688b3bd61067db04fab
SHA512

afff624b9a829468177d699439b1b555077fc219e91c014d82ca018699a32523a08171917c46b630f30b85e6171172d75172558249365256fb9bc1291c6ac2ba
SSDEEP

196608:yzgVVEqLwfI9jUC2gYBYv3vbW2+iITx1U6nt:1VVEVIH2gYBgDWJTnzt

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  7.5MB
- MD5
  
  aa87683fe01b6d45f2af3c29ba04cbc1
- SHA1
  
  5975f043228e1b8e546bd15918d653013179f339
- SHA256
  
  ec139b5ea1970240ce1cc9ed8c746f3d7213f93437aaf688b3bd61067db04fab
- SHA512
  
  afff624b9a829468177d699439b1b555077fc219e91c014d82ca018699a32523a08171917c46b630f30b85e6171172d75172558249365256fb9bc1291c6ac2ba
- SSDEEP
  
  196608:yzgVVEqLwfI9jUC2gYBYv3vbW2+iITx1U6nt:1VVEVIH2gYBgDWJTnzt
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  ��8L�[.pyc
- Size
  
  1KB
- MD5
  
  be91165791f05c32bc66f22590a54570
- SHA1
  
  f1ee73c14d0795c04503474a72563949a416836c
- SHA256
  
  5aeb0e854fd500e37be736bdaceac3145e1c2c77e54ed524fb7d4ff8e2d38048
- SHA512
  
  6b5183d49d8a69dca5da75446426dcf0e25963c1922ee3a5680c9155b2a2e8f20a26b0f044edb52477acd69352d83ae4edac1e1fef20dfb9333c866aa8211d11
Score

1^/10
behavioral3 behavioral4