blankgrabber | 1ecc6f8c03aa648b8d21fd5b8315f4b0e3211c1801be22ad9727cd696f3e682a

General

Target

PeakGenULTRAOP.exe
Size

22.0MB
Sample

241202-wfmy8a1kam
MD5

615c1e81e50f0c0a16dfd95b71b6db1b
SHA1

dd06c918b6924a8d5f61edb58a704bc55ede22b8
SHA256

1ecc6f8c03aa648b8d21fd5b8315f4b0e3211c1801be22ad9727cd696f3e682a
SHA512

85a0005a9d2c5a4efbcbf7a733e03c12b58b453714c2c18e31d7e493ddda118b4a1ace698b742abfa50438c5d98c8096b8be271c0f653ce7ce0d4c90d093c221
SSDEEP

196608:fVHYXwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jc:/IHziK1piXLGVE4Ue0VJo

Score

10^/10

Malware Config

Targets

- Target
  
  PeakGenULTRAOP.exe
- Size
  
  22.0MB
- MD5
  
  615c1e81e50f0c0a16dfd95b71b6db1b
- SHA1
  
  dd06c918b6924a8d5f61edb58a704bc55ede22b8
- SHA256
  
  1ecc6f8c03aa648b8d21fd5b8315f4b0e3211c1801be22ad9727cd696f3e682a
- SHA512
  
  85a0005a9d2c5a4efbcbf7a733e03c12b58b453714c2c18e31d7e493ddda118b4a1ace698b742abfa50438c5d98c8096b8be271c0f653ce7ce0d4c90d093c221
- SSDEEP
  
  196608:fVHYXwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jc:/IHziK1piXLGVE4Ue0VJo
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  �H}.�.pyc
- Size
  
  1KB
- MD5
  
  be831bd54740ab65333033f1c7ee5407
- SHA1
  
  d08930a69037b021f506efe65ec65bb5acc25937
- SHA256
  
  a1007d9ea1c6493bcc2528d897acb1bb0c5e298a56b805264755f192c99b5109
- SHA512
  
  03392201d5adca6fe76ee07efcdf0e4121e676f89c3176671fb3f5a7c4c15b0d0a019b54780e448a2d56908ddd9df83008190bc4cd0554215446c73e95290fae
Score

1^/10
behavioral2