blankgrabber | 360a32931d559f585d8e868fcf1fbcd17db16a9ebc2a0011ec0bbfe08ed8b2dd

General

Target

SantoWareUpd1.0.zip
Size

7.2MB
Sample

241126-21sm4atray
MD5

2006e01cff2a6381721c9b7372dc3b7d
SHA1

ff79cb9a75de1f80ea69c51405acf2305f061e9a
SHA256

360a32931d559f585d8e868fcf1fbcd17db16a9ebc2a0011ec0bbfe08ed8b2dd
SHA512

a39ee36489ac86836bb8cc19b7ce2e284cb6a0acff06d44f3b5652d27a3a12981f6d1aaf434ec37f5fefe2bb8fea8c76d37892bf59a565e6d19d16ccefa89d77
SSDEEP

196608:e8tdbIC1j/ObdYvn/PkIUI6YUGGvX9xko0vbkY:e8tdcm7OxYvXkI9dUnvXT0TD

Score

10^/10

Malware Config

Targets

- Target
  
  SantoWareUpd1.0/SantoUpd.exe
- Size
  
  8.0MB
- MD5
  
  a0763ede2bcc1d5eb84be1075685a2bb
- SHA1
  
  c0d49d87ca2a4ba8596e7dafd13f1368204368d6
- SHA256
  
  779060a795c59ca22650a99ea748388c86113999744be684e4142fe443fd3b87
- SHA512
  
  2bb354c6aeb21d8ed535406251bbbc0a9d03cf9e42aa72ca5dec9a580aa1340f672f051687336ed3de8807c9680ff61a72b1bb3398abb784ea232bcb8d848df8
- SSDEEP
  
  196608:8h8P5IGLjv+bhqNVoB0SEsucQZ41JBbIEs1Lx:w8Pi6L+9qz80SJHQK1J9shx
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1