blankgrabber | 30be06fc1cd8a378b3357bfb9091f61ecbd1bf3421fbc74e9ab9a408d2934859

General

Target

ZyroTool.rar
Size

7.5MB
Sample

241227-t84rbsxlgm
MD5

e0e2ffa20196068417e0f2eccb9eb24a
SHA1

c4a74765a98a214d47b7807d9853e7df8b850de1
SHA256

30be06fc1cd8a378b3357bfb9091f61ecbd1bf3421fbc74e9ab9a408d2934859
SHA512

91f7ffaa79e0087f41e22b998449fe3e85ca44abfb97d5e8ac5c0bc2cec4ff20316cd20b3a3c7e40e03a3ec519475e106964fd1bfdefb3123ee0c93b6fcc8ea4
SSDEEP

196608:PHTCe6ggfa4k0cspHqgwtbJPQekE5qeVZTuQfDx:PmesfavWKfbFQekoqOq6Dx

Score

10^/10

Malware Config

Targets

- Target
  
  ZyroTool.rar
- Size
  
  7.5MB
- MD5
  
  e0e2ffa20196068417e0f2eccb9eb24a
- SHA1
  
  c4a74765a98a214d47b7807d9853e7df8b850de1
- SHA256
  
  30be06fc1cd8a378b3357bfb9091f61ecbd1bf3421fbc74e9ab9a408d2934859
- SHA512
  
  91f7ffaa79e0087f41e22b998449fe3e85ca44abfb97d5e8ac5c0bc2cec4ff20316cd20b3a3c7e40e03a3ec519475e106964fd1bfdefb3123ee0c93b6fcc8ea4
- SSDEEP
  
  196608:PHTCe6ggfa4k0cspHqgwtbJPQekE5qeVZTuQfDx:PmesfavWKfbFQekoqOq6Dx
Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1