blankgrabber | 4be74403d68b211414c6a33bd631f0e1724d09ee07838a2669d687e9695bdf5c

General

Target

TGMacro.v2.21.rar
Size

8.2MB
Sample

241201-lt4tsatndn
MD5

48e3d4e447fcc3fc7a861bf2cb5ec6a6
SHA1

1ecc83cee2d7609d6affc5a0877c999db8009e72
SHA256

4be74403d68b211414c6a33bd631f0e1724d09ee07838a2669d687e9695bdf5c
SHA512

4b81a19f97a236ad8bba1f7e3edd9b008fc331b0564c95852ba3c51d40ebcec4ddcb961f67eebd593df6cccb46a0eec24dae06b9baad376a85069530126fb026
SSDEEP

196608:sKkkyB28PjWG2lsqFsk/3E8Uqwx1GldS/UxnJdFf:fkkyB28LLXw3za1SY/UxnR

Score

10^/10

Malware Config

Targets

- Target
  
  TGMacro.v2.2/Lib/CSInputs.dll
- Size
  
  18KB
- MD5
  
  e53fe3d87d51a8808a5345bd86b6bebc
- SHA1
  
  234cae9417af7b266cb148966991872200076c94
- SHA256
  
  b1ace49a18b80fcb446713175a5e753859a886d79b197edab10ca16ffc1e9420
- SHA512
  
  68084455de45801f15c7d211ce0566d7b4fb15cff9d4050b489f39e63270853e12df0cbc24b867b67bf2e4001834836b8ab0d6b1fc13162552e3af6eaf6db395
- SSDEEP
  
  384:jI03RGgcys1slbkYealDw94eU2B7yMkY+hcDsyDS6bhgTdj/:D3RG5OhpDw9q6hgxT
Score

1^/10
behavioral1 behavioral2
- Target
  
  TGMacro.v2.2/TGMacro.exe
- Size
  
  8.4MB
- MD5
  
  93c0bb45771fb8e27ed3ebfda3cf2739
- SHA1
  
  9a310973ae55fc84cdb92ec7deb947155cde77c1
- SHA256
  
  1305d099d7014e229d71825260f628b8018c84a2bdbea7b205c807f448742bce
- SHA512
  
  1248af6755d35e31cc11f5e3541d8a8640dfb6478b349de5d854fd882d83cf3af84a635abec05e7e403cd2ce73e56e33b7d6f9c82c9aefb3c2e3090b2b822c4b
- SSDEEP
  
  196608:9YLMfYrxwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jp:GOIHziK1piXLGVE4UrS0VJt
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4