blankgrabber | 7d4679915ac9c62845ee8922dcff924475930ed219ece8d49b4eed5be446b085

General

Target

All In One Pack.rar
Size

6.6MB
Sample

241203-eyks5szlhz
MD5

7a32a19e6bd45a0e77b3d3ae506e3c83
SHA1

6980b72e6cd8655a6d583f0e6ed317f2c9ade8f1
SHA256

7d4679915ac9c62845ee8922dcff924475930ed219ece8d49b4eed5be446b085
SHA512

8b940ed21fffe3ea11c7f3e8191a2b0ff6016fb0880ba133766e171b67070cd0a77d46e671345acc7711b6eca78409f28af5c5345c55672d607c8c3e40e2151a
SSDEEP

98304:55rFg7m3I6cAB479xSr/V2pDWkzuB03XQ8WAL8y9nFnx9FleQNUt+O1q13Bvdsy:5dFbYbRSh2okzuBoXQ8WQ7nleea72ldV

Score

10^/10

Malware Config

Targets

- Target
  
  All In One Pack.rar
- Size
  
  6.6MB
- MD5
  
  7a32a19e6bd45a0e77b3d3ae506e3c83
- SHA1
  
  6980b72e6cd8655a6d583f0e6ed317f2c9ade8f1
- SHA256
  
  7d4679915ac9c62845ee8922dcff924475930ed219ece8d49b4eed5be446b085
- SHA512
  
  8b940ed21fffe3ea11c7f3e8191a2b0ff6016fb0880ba133766e171b67070cd0a77d46e671345acc7711b6eca78409f28af5c5345c55672d607c8c3e40e2151a
- SSDEEP
  
  98304:55rFg7m3I6cAB479xSr/V2pDWkzuB03XQ8WAL8y9nFnx9FleQNUt+O1q13Bvdsy:5dFbYbRSh2okzuBoXQ8WQ7nleea72ldV
Score

1^/10
behavioral1 behavioral2
- Target
  
  All In One Tweak.exe
- Size
  
  6.7MB
- MD5
  
  14826a6b533513981a9e6b505a136b92
- SHA1
  
  9da30246305efd92e0b44e3495130bc6864073d8
- SHA256
  
  7075171e943b2313cd1f49f6366b9ca26d514cf65af34f064fd430976f6c038a
- SHA512
  
  4dc94ea531f16043b654092fb5b1138d716ee2657ade14924a4c0392fe0debe2bc24ebdfbc9bead37d717b7492b3d0eacbcb12633f9ce83e070d2f3c004ed3af
- SSDEEP
  
  196608:7xFyoeN/FJMIDJf0gsAGK5SEQRSkD3xTS:O/Fqyf0gsfNSkbxO
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Gg7��.pyc
- Size
  
  857B
- MD5
  
  8c2c5b0f30354a0e2bcd813530ceaeba
- SHA1
  
  fa4866f5ee2422ae7fd9af161300960bd79bd3b4
- SHA256
  
  29eea85d1a42ccd14aa54b1d4dd20c3beef0cba33d57dcedc959ec08bf4dc626
- SHA512
  
  c01ef72a60bb53b8d2067bef028376e66553a1028a0f4d07452aedbc6e481b3ecf6ed67646cbdb8a018a7f59d26f9a3e7d754d74f00f2b91a307bef86fdd9554
Score

1^/10
behavioral5 behavioral6