blankgrabber | d94259329e042360d48ba2d18cc630277afdaaeebf389dced4d5070831e6fe33

Sharing

General

Target

v2.zip
Size

22.1MB
Sample

241209-2y3ehsvjgv
MD5

57f99326d3f928ba22af77cafe740cb5
SHA1

6520df10766b0a03e743bc05db655c636903e131
SHA256

d94259329e042360d48ba2d18cc630277afdaaeebf389dced4d5070831e6fe33
SHA512

9017699dd6f40823f4ca8dbee376e54f42dfb022cd26ca5aa9ba8044382d6e6ed58beddeb1340ef719c0bfc0bd9e069dc936638da6698d4683055bfd4de11400
SSDEEP

393216:MMCJVKXwsfR1wqmV+DMhPZX8uN7u0n8SIg98t/x4XwvRtAXNR8wv+Xc:EJVKF5IJZX8uOx4XwvRtAXN

Score

10^/10

Malware Config

Targets

- Target
  
  Incognito.exe
- Size
  
  7.6MB
- MD5
  
  72e2b4413ff836e2ad5dd77153e71899
- SHA1
  
  afd8ec0b3dfb167abe2d6fc8edba4ab54575ec1a
- SHA256
  
  63d77e021292892820aaad4e98054116c6eb9096c28bdec5f9203e50fead8a46
- SHA512
  
  bf01cdce9b3721777cc46b0104601548bd2b3dc3217a6f35eb34469c17ff2ee24347c265b72f60e4c7b7d137152ce808167f018bce936c9af78f23245ae37c42
- SSDEEP
  
  196608:dh0ceNTfm/pf+xk4dNSESRlU/aQJ8MM5w:d2y/pWu4m5RlUy2tyw
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  bin/incognito-luau.dll
- Size
  
  1.3MB
- MD5
  
  157fd035b2a344a94166d7db3756df0e
- SHA1
  
  f221d28c1deb80b4e8d9201226435aefce6b0f75
- SHA256
  
  8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
- SHA512
  
  fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk
Score

1^/10
behavioral3 behavioral4
- Target
  
  _collections_abc.pyc
- Size
  
  50KB
- MD5
  
  60b1b6f71502b5af1e52305a2a0b1db3
- SHA1
  
  7e3d6f0c2dbfa11bc5d46162c1b995c48ef0bf97
- SHA256
  
  575c455c2d7630afb48bc76c7320544c57739c7660b4320d0aaec909234c0572
- SHA512
  
  62e478a77c535c4bb1e1297d6f7cc5248c4122ec66192b34b28d6cf5019df96ee24503972af4b0f71a20806c12cbb40722436178a7b4b29f4af92a8dd75f5dcc
- SSDEEP
  
  768:4W0g3LUXl5SPb9TycwdvkimlmAQ4sqL7+w/jEthRUeRKivBjjW:4W0g3LEGe1vkimlmAQRqLShRUGO
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  _weakrefset.pyc
- Size
  
  12KB
- MD5
  
  92abe13ce0da28a3a33ce49872c232ac
- SHA1
  
  526476eb659efd792b527fb2c5c36322d6fa635d
- SHA256
  
  aa29a3f6844f93015c0fb0f5334bf567725449ed9f664d8880e2a6eccb8a1848
- SHA512
  
  346cad6d7c38caff2dc1bb99e8c9542549f88d54856b7274d4def383606529f22d4c66ce1422a3c08987b944e959de33cd6a5c39da41e55b74499b4f33fd2fa1
- SSDEEP
  
  192:i08ugnpkCaKY9jcFn4e19oNpRjacWjMEwjj0JJBTUqdTZEw:ipVpkdP9gF4e19oNpFajjME8jgBBTZEw
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  abc.pyc
- Size
  
  8KB
- MD5
  
  2bc301ccecbfae0fe9dd25cb2420004d
- SHA1
  
  e9b0107dcd63cfdb507c108929198824692c2580
- SHA256
  
  86b3ecf8174e5c73935b4d4b6bca493a4f9beba3406d7db90feab0c8dcc39a33
- SHA512
  
  2620a7a00de81630b1192e667cd0bf1504479f13853d0f81e9179ef14066b7a72904563a10cbf790a48edd950cdd5ffa26cef0bd060e2a2ce926fac76a8b78e2
- SSDEEP
  
  192:x2+dPAnn84ttUUIs1p2lYUtCqMNbH/7fLrXLk5ebmzuUAlu:x2+dPktttbzqMxXLk5eCMlu
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  codecs.pyc
- Size
  
  43KB
- MD5
  
  35dad19f6e006302dfae58dc9087823b
- SHA1
  
  ee44553868db7f4a6d3a7e96922a8367089d5235
- SHA256
  
  6002f4ead8edf5825bbdabfbdf9de855b516782d81e887bff9e81f476751314f
- SHA512
  
  d032ab606bb42451aca3845996e630219c55ad3cb791b4bfcd0beb20a2f42227c70a0f2a94a1765bd6d940d290989dff3f7f53a4bb8736d9c45243b5882f360c
- SSDEEP
  
  768:metNHwz9foVdWcgYxeNYKbgPFNJgODbbW0p1jygObNBDveaZtqrrVFvT2HZcaA8B:m/rYxvxrHxygoNB6aZtqXVFvT2HeiB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  collections/__init__.pyc
- Size
  
  76KB
- MD5
  
  6aefdfd8603d82a4e861b5e37719745e
- SHA1
  
  c4375da9ddf613c6c05369c67e5898fb28f9fd65
- SHA256
  
  3b2346f800a9ddf73cd181f39ff5d3115c854cd7ff6433ff4514296d5ff9038b
- SHA512
  
  ac64d20b17592c22ebbcb20ab696315b5427fdad41d20cb197c6b76d9b27ef108024242681886884a71f3a8025f31768b3e63b87fc67c23590c41f81350b27ed
- SSDEEP
  
  1536:gV9XoaUySe2vipDRBPoVINh8bh0AlkbNUQR7FISuA0f9v3Foj:i9YTySnA4vWj
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  collections/abc.pyc
- Size
  
  274B
- MD5
  
  bce2673839e62a748717fb18fbf98037
- SHA1
  
  65c0cccc6cd710fa94fd5777f065d755266d3a06
- SHA256
  
  29691e0832cd8599185eca7bacae1b089fbfcd201ee7a1c5b676acb5b0edbefd
- SHA512
  
  b3ab7187589e36bdaaacaa5f460c35c5f2c8ef54f7ebb9a08d9bf482768859eef99643257a30ca3501d78139b119fc0d280b8f5f31ede8f7c5af489baeb3adec
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  copyreg.pyc
- Size
  
  8KB
- MD5
  
  0f47232227fd3ce89f7042fc61ede6a2
- SHA1
  
  2051c463a789a70a0b9b0b2b46744e3b15633fe0
- SHA256
  
  9292442d6c287957bce4b53066312f18cf8d1ba5fe9b0e826e1413b7d5cdcddc
- SHA512
  
  ec9067b2acbf5e95ef8285261a27b9b564371562ebaf4e0443da2495e7048ba0c42d58dddb047467b2bc8bcb475503aa21b1c492b311b7fb350a6ab80c0073f2
- SSDEEP
  
  192:7QHjFYDJ85mNGa7lU0Qx4GE4BvT4ia7yfhePHj8TIxeLH7TOyTM:7QD+imN/xgZLo7NjJxcDI
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  encodings/__init__.pyc
- Size
  
  6KB
- MD5
  
  06f541eeb6bbc9f8c08b79caa36bed40
- SHA1
  
  5cb8ebf1a95a4586cae644e1adfea5bfdfd5a6a6
- SHA256
  
  d0c5cbe76f1998ee6124fc06202c03b3c1a438e6da70291c9b134261a379df60
- SHA512
  
  c65822d22f2ab26e00c589683212da9187570768e6becff22e0fc46f880e97fda42a0a6a0999fc45ad3336099a75cdd6cb0b15d89b7c4b355c78aaeb670db26c
- SSDEEP
  
  192:mYLpFkYXqEDX29RuL0NYjxJQF00oFSD8/atGoxlUt:3NnXqWXSALSgFSDxct
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  encodings/aliases.pyc
- Size
  
  12KB
- MD5
  
  80e6cdedb14228b2c711be998669e744
- SHA1
  
  8ded011cd21c8d73458c23691ae0bbeef5c79d79
- SHA256
  
  a94e50c1a052ee82c4d59180b082c00c101fbec295700855958cc0a5052d1e05
- SHA512
  
  f0e72222a1a27f650ae06a354bcf678a61866d5b3bbb1512fc9e6939b9fbd1c84e28b0e0b811adc3cf984095970d109a226b7b2eacc30a080eac3ce1bc201731
- SSDEEP
  
  384:qEXG0bueBU6uHc+TMPUfxYtwI9CwZIb0xX:qYG0YGsfmtwJiIqX
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  encodings/ascii.pyc
- Size
  
  2KB
- MD5
  
  d7109d54ee1e9b7d55ba54c7e24e2ac9
- SHA1
  
  9647f78a4391221ec6f778b34cf37f76157fdad3
- SHA256
  
  d1cc838d84d63c045851c0ec014a44de5babe63b0ab87fd0e3234a412ce2a375
- SHA512
  
  23dd065a82adff97c93bd697a1b4c33e74f2951f795fbce70e88237a28eeaecb927d79c24b1b12f33dc5c6bb588de85ae11b78eb4c2464034410b8fa2c58159c
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  encodings/base64_codec.pyc
- Size
  
  3KB
- MD5
  
  ad40198e4b7ee12c70fcc80df23c15e4
- SHA1
  
  83d1ee7249ea3154c543b8a74727c8eab240288d
- SHA256
  
  808827498bb0c3414cba76e4aa60df6102b4afa8cd0ff295f8d2228f106c6aad
- SHA512
  
  383c7e99732dd16e745af1515c1e4db556864c01333aa2f710c7e169f9e1c66224c4bd44d2c998031306d1c887b1ac800e3336ac6e44df53e2d2994b158e2265
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  encodings/big5.pyc
- Size
  
  2KB
- MD5
  
  a3009f4b2f64d843b6f4bd69e28da679
- SHA1
  
  98ad5db3a8ffeca09bc5fbc24ecfdf4f4821359c
- SHA256
  
  385ecbb815e394c4247aa125c352f55ebcc9a3fd272bac494b25a31a576aaa1b
- SHA512
  
  755a48c2f0d7f96c3d1573a645aa9b1cf8ee8f88650fbdaba9ab54637135fbc97e2db5a29a1abb3b2a67e4b9ab9cff4a0efe126ed28e7b3b3319fd9ebbdb724b
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  encodings/big5hkscs.pyc
- Size
  
  2KB
- MD5
  
  6155da3d274adaf47719aea5fcbc27bf
- SHA1
  
  fd4ff9b9599417f6bcc3953d0b7c5c9d4e85f47f
- SHA256
  
  928f752c3884b363b7314a17beca565ceb97514331ae99984ee71a75abe79d07
- SHA512
  
  3ee688f897e42ad57d17e4105288422886d5faf9da9d328dff30adc92cccc7b06eed174329de840bc5605acb62838fdcf15e3e7e6263096084fce8665672ba6b
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  encodings/bz2_codec.pyc
- Size
  
  4KB
- MD5
  
  5cfdec3f84ccec5f9764eb24af3d9623
- SHA1
  
  4f1e3f157249207ae20831e254d4377674390753
- SHA256
  
  9a57ba7fba01226c0fee1812a03e647c2439c43b593987b68197a0a2f10cf50d
- SHA512
  
  82bea0e602e36f51a5c7ac7f102580b973b097d34129fcd99ae9cb41989d0eaca37e50934e8ba0caa78655b4e4ef6052dd15a86fe03e493e324b63f8b22c18b4
- SSDEEP
  
  96:OUdAGtJGjuftcL2KtoMqDC912+Yovof4daT+sIIwGK:bmGtJUu+L2KC3DC91xvwfNIIwJ
Score

3^/10

discovery
behavioral31 behavioral32