blankgrabber | 7a43e7fa643bf4e892994c61314aa265ea1e1c46af5313c4cdd90a66f6507b9b

General

Target

AccountMethodv3.rar
Size

5.9MB
Sample

241227-ep1g8s1pcy
MD5

8a4cd510c6efeefc9fc33465814b71b2
SHA1

b9c1e5dfccdf13ddb0206da9f195f27cb63b32a1
SHA256

7a43e7fa643bf4e892994c61314aa265ea1e1c46af5313c4cdd90a66f6507b9b
SHA512

9757d25393bf7d1a676813c615069f52186bf1f9a5746f28847f8897a97e9dee6b1a3b0f2b3dd4d4f1670143c0eae9fee0df0bcc40721370385440b52228c8d6
SSDEEP

98304:+YMKVhn+UVUcFhhkiW27e1V6OuP+W4M0o6YcSvJF1AnKGq2j7UWAvE8WHL:+JK7+rcFho5u+WR0o6YNJF1h2HwE1r

Score

10^/10

Malware Config

Targets

- Target
  
  Account Method.exe
- Size
  
  6.0MB
- MD5
  
  533098d68bed52f271ccacc2ff9b90dc
- SHA1
  
  9c73399366c258bc43f0a64f2caef51cc60a6df1
- SHA256
  
  369b6cecb9a25012323387c19abe99e8c82370f22c941172949c2458d8f4f2a2
- SHA512
  
  5d3138178bcf2c2fa1d80a2ad09b3e4af7a58386c60c85ad7d32c3460c40294eb1f1ca9ba10cc76f87e4152c235b33829534bc04320fa1ab62489a0b4069989a
- SSDEEP
  
  98304:xIEtdFBgwBamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RsPMEB3JdMDTD:xvFmeN/FJMIDJf0gsAGK4RskEKDTD
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2