blankgrabber | 94ee9f31140e308fa5665daf0beb8385feb02ef369213110b80828fe0b0f2bdb

General

Target

verse spooferv2.exe
Size

7.6MB
Sample

241204-ce7sfswjhw
MD5

11ef13006c883349e7a5e274b6e97f6d
SHA1

060020ec86b95bc3b0a03df8e8a3d6db50a90a9e
SHA256

94ee9f31140e308fa5665daf0beb8385feb02ef369213110b80828fe0b0f2bdb
SHA512

1faf60485e0a120a81fd7c4d1b857eafb72744ea2a1d9405a689ac17a45c3b8dc163ab5ba9b60359ac2a14da0109e41f0532fc94eba76dbf2ca9315da0c1d784
SSDEEP

196608:GAHYHwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jF:bIHziK1piXLGVE4Ue0VJ5

Score

10^/10

Malware Config

Targets

- Target
  
  verse spooferv2.exe
- Size
  
  7.6MB
- MD5
  
  11ef13006c883349e7a5e274b6e97f6d
- SHA1
  
  060020ec86b95bc3b0a03df8e8a3d6db50a90a9e
- SHA256
  
  94ee9f31140e308fa5665daf0beb8385feb02ef369213110b80828fe0b0f2bdb
- SHA512
  
  1faf60485e0a120a81fd7c4d1b857eafb72744ea2a1d9405a689ac17a45c3b8dc163ab5ba9b60359ac2a14da0109e41f0532fc94eba76dbf2ca9315da0c1d784
- SSDEEP
  
  196608:GAHYHwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jF:bIHziK1piXLGVE4Ue0VJ5
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1