blankgrabber | 222a95474744c4152632a32f39113b2e4463b687176165a156ea37b0128ae4ea

Sharing

Copy URL

Twitter E-mail

General

Target

Vortex-123.rar
Size

84.3MB
Sample

241205-m5sfkaxnaq
MD5

4c5c9413090814a0b07c31dbc97ce852
SHA1

7c1f3350bc6a945ae677a626ad26dc4ab7117d98
SHA256

222a95474744c4152632a32f39113b2e4463b687176165a156ea37b0128ae4ea
SHA512

d9841011728fb83ff373a4b506f6997dd4a1b976d6dc56e8239cdf57b742dd53774f283342e915dcfac45ccd88f365c254f9e73e31202ceab84fa6eb783a07f1
SSDEEP

1572864:2QPM6CUzkTuolSCJXaGNaZuQ993ymQr+JK7RFuNqi4i7lHxjIPm9/LSAMICDzG:HPFdzjolShuQ9hymBJK87hNyDICDy

Score

10^/10

Malware Config

Targets

- Target
  
  Vortex-123.rar
- Size
  
  84.3MB
- MD5
  
  4c5c9413090814a0b07c31dbc97ce852
- SHA1
  
  7c1f3350bc6a945ae677a626ad26dc4ab7117d98
- SHA256
  
  222a95474744c4152632a32f39113b2e4463b687176165a156ea37b0128ae4ea
- SHA512
  
  d9841011728fb83ff373a4b506f6997dd4a1b976d6dc56e8239cdf57b742dd53774f283342e915dcfac45ccd88f365c254f9e73e31202ceab84fa6eb783a07f1
- SSDEEP
  
  1572864:2QPM6CUzkTuolSCJXaGNaZuQ993ymQr+JK7RFuNqi4i7lHxjIPm9/LSAMICDzG:HPFdzjolShuQ9hymBJK87hNyDICDy
Score

7^/10

upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Vortex/Vortex.exe
- Size
  
  71.6MB
- MD5
  
  d417df6285a2da1807f2006c67e55fa0
- SHA1
  
  6176028b0d0c99cb55ac03c4d9b7b959db76c461
- SHA256
  
  5d4f08350aa10af6fb86f99bdb554131a7a14f84bfe5f8f00b979b71de535322
- SHA512
  
  dcd02ea6c68d3e2a1ff000cc71f5c3b7d3c5d9111220754af70a060c4518c0e19b645f3039bbb7292c4cf6e9d3b23915788d897ed36d68c42f80da50413268b8
- SSDEEP
  
  1572864:ZMqrKeGqtCilWLvchcHCthLVnT1+PjcNSxWiW/PN4XdXhvHYSObHwPU42GcBBf:ZMKpCHLvchci3VnTIqbiiGvv4iMccnf
Score

8^/10

upx collection credential_access defense_evasion discovery execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Vortex/__pycache__/lunar.cpython-312.pyc
- Size
  
  3KB
- MD5
  
  537692781ea1bbc26e6cff054bbf723e
- SHA1
  
  da6cf2cc5fb8902db6027ec0cf9d60f7aa41c36c
- SHA256
  
  93b0b0a52938648ff114aeafe9b62a16ec181980d2333c21d610501fb86b138f
- SHA512
  
  a89b9e78be3830f829c4aa2036e661782db0a3ebd9029f643c96494216c8c43cfe1998736347747c5b9149e915bc3e50822cf57f8811004c4290e4340eaa1f8e
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Vortex/lib/__pycache__/aimbot.cpython-312.pyc
- Size
  
  14KB
- MD5
  
  acdeb4d87c5fab17721a6d7967839568
- SHA1
  
  3eb7376a386b4bcd8b9d0bb8a0184f709b112f06
- SHA256
  
  44780f74d986c8a947421971a363e93289b4dbb4f64ec7e1ac4b9779201c2410
- SHA512
  
  328f5f92fe1efbed51ad6a3b34801872c464a3b92dafb1d4b2283d0fb2e2b78ef2598808f1949772644d2cb5a445eabf260764ef4392b6e7b41febd6374e2ecb
- SSDEEP
  
  384:Aj8G7ByyD5Bh9yNrICtnMVy+rzzSQYrMQ:ALDTDrCD3rMQ
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Vortex/lib/aimbot.py
- Size
  
  10KB
- MD5
  
  e616a5ffe2d41c26348cadf31a129730
- SHA1
  
  7a6aa6450d51c6a99a716e6e487a4752c3a48b8b
- SHA256
  
  3e7ccdd6041473b71e4d5327a6e35c56de00ff82837fd67ea93fc4604e69d4b8
- SHA512
  
  7dcb365f347f65c8a71398c123ddfff8cf3d52fd09fe1ee489dff037fe90c951071f0eeed29ab56ed7824efeca3e26897318f2d18f58f614589b24a8e5047d03
- SSDEEP
  
  192:KfUxd4DcPCDxSd4DcbDkCF8wJAsbBM+jkfinv5ItH+N4xuwHx/MyM0inP5Pk21Ix:KsxIiCYMMYfMnPpd1Dm8Or9Pn
Score

3^/10

discovery
behavioral10 behavioral9