blankgrabber | d9671229e05ec507b1b97e7ffd535c871e9856d96e2276197f89c9afd97725a2

General

Target

Condo Generator.exe
Size

7.6MB
Sample

241206-n2dcxawlfs
MD5

aca20efda4d895c0936f9afc03773792
SHA1

0b44158a9de2a1f04831337efe27c3a46fac7a11
SHA256

d9671229e05ec507b1b97e7ffd535c871e9856d96e2276197f89c9afd97725a2
SHA512

610a954e792a08a0e43c385e1dd98695be6c62d30d34e374269d7addd4fdb7a9ea1a763e13f7e444089b0663eb21e249cd60ad564eef94563c8a03e1b1a9ac8d
SSDEEP

196608:TEHYGHSwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jJ:2RIHziK1piXLGVE4Ue0VJF

Score

10^/10

Malware Config

Targets

- Target
  
  Condo Generator.exe
- Size
  
  7.6MB
- MD5
  
  aca20efda4d895c0936f9afc03773792
- SHA1
  
  0b44158a9de2a1f04831337efe27c3a46fac7a11
- SHA256
  
  d9671229e05ec507b1b97e7ffd535c871e9856d96e2276197f89c9afd97725a2
- SHA512
  
  610a954e792a08a0e43c385e1dd98695be6c62d30d34e374269d7addd4fdb7a9ea1a763e13f7e444089b0663eb21e249cd60ad564eef94563c8a03e1b1a9ac8d
- SSDEEP
  
  196608:TEHYGHSwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jJ:2RIHziK1piXLGVE4Ue0VJF
Score

10^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3