blankgrabber | 201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59

General

Target

kiddionsV2.zip
Size

8.4MB
Sample

241208-ekth5awqel
MD5

427ba211b9c4ab3f3a49a085d27e9b42
SHA1

c3f06ddafa34468caf2e89d2b3813e45fa5dd737
SHA256

201ad024aec65bff251565de0d5c366ddf9569b5a78820bd831a3764917b9c59
SHA512

87eb8aadb40304b037b9e3681020f40ac32e474c786cfb7fffe994c29f6002c9bd44bf487c52450617a0fcf1cf3b30cf8e04f8ebf0eed016cfded0e4dc0460d0
SSDEEP

196608:5o69w07B/TREtRjh8b9u31wF+QkTKjezNVt3XYr/kSCxPzGlsZLIISJ:5oS7hg18pul++QkejgPt3Ir/5bISJ

Score

10^/10

Malware Config

Targets

- Target
  
  kiddions/KiddionsV2.exe
- Size
  
  8.3MB
- MD5
  
  8ff98e2147316eb4fd3cef7eaa9f24b7
- SHA1
  
  53baaae552a2b0d71c43623592685e8b7d33f522
- SHA256
  
  f0f11202a1ed2c0cfd3f697b8f928d77bd187b2911b186a5a095a9189a07afea
- SHA512
  
  de5efe8949507344db174975a40a2d3793108282cebd662f927c11382acb3e37634e2368131206920df4c7a430a408e878d900b12ddee91dbf7bdf6ec555ebe4
- SSDEEP
  
  196608:mrP12cEziRLjv+bhqNVoB8Ck5c7GpNlpq41J2Uavbk9qtlDfqWp:W7rL+9qz88Ck+7q3p91JnqfqWp
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  kiddions/scripts/Ultimate_Menu_V2.1_1.68.lua
- Size
  
  809KB
- MD5
  
  5699591d3f5e1a3ddadc6c27239601d5
- SHA1
  
  d6d266db15662a7c1544e36c314d992d3c012543
- SHA256
  
  a1221cebc62e211ae4f5f6b7d3a7c6f0a4200072795096dc4622ca5c12b9649e
- SHA512
  
  abb66d92eeca41ac23830c26baa0af0a7ec07edd58f1ac6aa2c22a9654578d71c2055e766c6b4d4bdb4d561ea2455363a55528e781c8a02c567fce49baa87ae2
- SSDEEP
  
  24576:3zd8Pzd8iLq49T2n4dPtImI6W4LePHOtgYnXFtgYnXdToABRO:ALq49T2n4dPtImI6W4LePHOtgYnXFtg3
Score

3^/10

execution
behavioral3 behavioral4