blankgrabber | eee4cedb41e61dbfd4c6b7838b57661a2fffdda006a1bc957d23d703ec316901

General

Target

EpicChecker.rar
Size

7.9MB
Sample

241129-q1wtzaykhw
MD5

8cdee71270279e291b2f657ea3f67884
SHA1

438990fddee677933295be58b95db110ada53128
SHA256

eee4cedb41e61dbfd4c6b7838b57661a2fffdda006a1bc957d23d703ec316901
SHA512

20cb93ec4684c6bde50232cd5759d33558bd6ad4c4fb4258729573af114dce183fd877e22c5900fb323697017d798e80a940db3d35dcc839485ab7c060b8f407
SSDEEP

196608:8s0FablHYct8o9lXK1TbYIZMKwba7rV1l4Trzs:JKablsojGf3MKwbavlczs

Score

10^/10

Malware Config

Targets

- Target
  
  spoofer/EpicChecker.py
- Size
  
  343KB
- MD5
  
  77610a0efc73f8bc23701e7eb562774d
- SHA1
  
  f43271a587514c72fc2c1c6413b85baf7dc2ec3b
- SHA256
  
  3986eba75cdda51b6a24958f7958c5d66119ae8423af870999a51e1af38c6056
- SHA512
  
  267a1d800127e73952201cfade533307378df9456242cdb126a74be9bf0379926ac7101ea0a1eb3619623a4416457ec0d2cfa055a8c36ac4582570aa653dc13c
- SSDEEP
  
  3072:sUpKK0dh84Ds0dh8z70kp9/ZE97aV39IcZ:FpKK0dh84w0dh8zYkzb
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  spoofer/crack.dll
- Size
  
  2.3MB
- MD5
  
  a99ecd8ec643dc9db372736fd6fd8eb5
- SHA1
  
  91e8270faf4666ca60d9b41ece1dd3f25c0fd8fd
- SHA256
  
  6fa983aab41fbe45a79236330245c49fbb318b75efb4bc6b78fa551d29ace518
- SHA512
  
  a8cd99023e6db3352a96ac7179acc5ae9e09e186f1a9ff55672fdac520821ef51cc48a7ac821b862966959ab174b49f17057744491656b9832b6dda61fd157bd
- SSDEEP
  
  49152:IK+yy5eom+KbDbF7BBLz1iYCY6nWefdmjLdGGf:Zom+Kbtz1iYCY6HfdmjLdGGf
Score

1^/10
behavioral3 behavioral4
- Target
  
  spoofer/mapper.exe
- Size
  
  7.5MB
- MD5
  
  4f8ee6ff1ed295b4227a8e9e536c9a48
- SHA1
  
  204116eef3f0d564240d4082d5dea7c89d98495e
- SHA256
  
  e29649ae22328d57f3f6ec42d10bdf496b3d62351e6c90ab070f9bd966e22cfc
- SHA512
  
  441941116f6c815dbed18639a519aae55d494b199625c22e668a54e1583fe14181fb464047e951391efc4b6740eb25a59040f13c13cc7fcc5d833400cb2d69ae
- SSDEEP
  
  196608:9hgFO2gDwfI9jUC2gYBYv3vbW5+iITm1U6fE:8FO2gwIH2gYBgDW4TOzc
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6