blankgrabber | cf52a50aa29f0d1ab6e0dbd6b73bc38914bec960659821a685ae111d3f450d23

General

Target

cf52a50aa29f0d1ab6e0dbd6b73bc38914bec960659821a685ae111d3f450d23.exe
Size

8.2MB
Sample

241202-m4sd6s1phw
MD5

6b0caf2b75c1cb7d9ab4a31d6a9c6f19
SHA1

1a4e6eccae9837720564a6efacbb7a10b71c8f70
SHA256

cf52a50aa29f0d1ab6e0dbd6b73bc38914bec960659821a685ae111d3f450d23
SHA512

b4afd1825c57c18908d447bc508ab5a07c50696913b1f079e0a8cfd5ec527e5875ef83f0a6c5dd9f467d2ce23216eeaf57e96992e4550fdfa534a55084c03512
SSDEEP

98304:jJSiUluTR1QurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJocSpXqjEwKhw:jQ2QurErvI9pWjgfPvzm6gs/SEjEF4f1

Score

10^/10

Malware Config

Targets

- Target
  
  cf52a50aa29f0d1ab6e0dbd6b73bc38914bec960659821a685ae111d3f450d23.exe
- Size
  
  8.2MB
- MD5
  
  6b0caf2b75c1cb7d9ab4a31d6a9c6f19
- SHA1
  
  1a4e6eccae9837720564a6efacbb7a10b71c8f70
- SHA256
  
  cf52a50aa29f0d1ab6e0dbd6b73bc38914bec960659821a685ae111d3f450d23
- SHA512
  
  b4afd1825c57c18908d447bc508ab5a07c50696913b1f079e0a8cfd5ec527e5875ef83f0a6c5dd9f467d2ce23216eeaf57e96992e4550fdfa534a55084c03512
- SSDEEP
  
  98304:jJSiUluTR1QurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJocSpXqjEwKhw:jQ2QurErvI9pWjgfPvzm6gs/SEjEF4f1
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2