blankgrabber | 4461c776b98997d20667083d19db07e892884b42410a3a4a2272a4559319d83d

General

Target

ARK Premium v4.rar
Size

5.8MB
Sample

241221-vdvevatlas
MD5

8abd344b753f238eb81d0b5d0208f23a
SHA1

149cbd47c701cc97458f867ebf09831190d705b9
SHA256

4461c776b98997d20667083d19db07e892884b42410a3a4a2272a4559319d83d
SHA512

8fe93569280d1929e93abe2428bed791dc78e8ab3703c53f2edd13d48c40a314f76a502f32fa3f2c0fd42cbfa89aa7d96ab3c877eb767b468e3727d860dd28d8
SSDEEP

98304:2C6P7J6VKaHgQZtsUzzeQ45d7vVViohBmE2Rx3O61hiMFdWmEOQ/+Nzh+zs2EVvZ:KJ6ZgQZtsUziQ45dzfiohw9BDriM8OQ6

Score

10^/10

Malware Config

Targets

- Target
  
  ARK Premium v4.rar
- Size
  
  5.8MB
- MD5
  
  8abd344b753f238eb81d0b5d0208f23a
- SHA1
  
  149cbd47c701cc97458f867ebf09831190d705b9
- SHA256
  
  4461c776b98997d20667083d19db07e892884b42410a3a4a2272a4559319d83d
- SHA512
  
  8fe93569280d1929e93abe2428bed791dc78e8ab3703c53f2edd13d48c40a314f76a502f32fa3f2c0fd42cbfa89aa7d96ab3c877eb767b468e3727d860dd28d8
- SSDEEP
  
  98304:2C6P7J6VKaHgQZtsUzzeQ45d7vVViohBmE2Rx3O61hiMFdWmEOQ/+Nzh+zs2EVvZ:KJ6ZgQZtsUziQ45dzfiohw9BDriM8OQ6
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ARK gen v4.exe
- Size
  
  5.9MB
- MD5
  
  3ffe9096a09d9945254115d93d22fe69
- SHA1
  
  ca12c68e82bbd5a656c817eaf46bf17da0a0689a
- SHA256
  
  de83827afad4b125b56f60826cd83c4c0f699e6454d4869e74a7fba4874e04f8
- SHA512
  
  c54a576ce877215f14150bc0fe69913f99bb2e807d5c21bffddc5a91bfd7e2a76f32a39a07c7df5cbd03f13145b241a60f5b55bec1a1e3a2ea97a914cfc4f617
- SSDEEP
  
  98304:mkDe7pzfmt8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDgFM713eMWOL:mhNzfB6yA+KO0WRti7/WOL
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  8#��~�.pyc
- Size
  
  857B
- MD5
  
  096cb0090272584c174f908894088a03
- SHA1
  
  b35ba80ec6402cd002660ec1b92485efeefbb617
- SHA256
  
  4ef4bad29ea249258d90f73a4a789fd4aa73c481a034c968d0af13437ff232a9
- SHA512
  
  ba8137e5170e001a2d8256eb4b5fd78d746b7ef594a88ac7c8542386a4ba2839b340f985aa9509ad94e1c6273c17ab39f74bd33ef55ed0d6f71e8ba60d98be5a
Score

1^/10
behavioral3
- Target
  
  README.txt
- Size
  
  204B
- MD5
  
  6cbb0549c224127609e3329b3df0442b
- SHA1
  
  d46001e167f96c72fcb196645b94483b588839b2
- SHA256
  
  28d7399aa5add63b79f1c395042f7f0747474167ffa88de22b1bc10951607df4
- SHA512
  
  b26ddad91bdf90017a0781df58feafe6f52129d012cbe8a838504a0c80b176d99acf5566a8eb6f24b64926526b20d510e42d33537f6819100e2b504a5edff6e8
Score

1^/10
behavioral4