blankgrabber | 8e8b3425218ab1731d6d91b160f1486a535c766aa142ac95dbc4a0601df4f634

General

Target

8BF075E043F.exe
Size

50.0MB
Sample

241228-yltp3a1rbk
MD5

11dc6f028832bbc5c8d59c80e22d7e05
SHA1

7181d88c6ea9d4b174601017137a60642b2744df
SHA256

8e8b3425218ab1731d6d91b160f1486a535c766aa142ac95dbc4a0601df4f634
SHA512

71dc87db88925b1f34d8564f07a7371b6b9074b92bd63505ea3aea7a31f852db50f5db8e2afd5862042751b98405414f7295bb8e21909e4b17d0bc9fdaf3dadc
SSDEEP

196608:7YDRkda+wfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWJ:caE1IHL7HmBYXrkRoaUN6

Score

10^/10

Malware Config

Targets

- Target
  
  8BF075E043F.exe
- Size
  
  50.0MB
- MD5
  
  11dc6f028832bbc5c8d59c80e22d7e05
- SHA1
  
  7181d88c6ea9d4b174601017137a60642b2744df
- SHA256
  
  8e8b3425218ab1731d6d91b160f1486a535c766aa142ac95dbc4a0601df4f634
- SHA512
  
  71dc87db88925b1f34d8564f07a7371b6b9074b92bd63505ea3aea7a31f852db50f5db8e2afd5862042751b98405414f7295bb8e21909e4b17d0bc9fdaf3dadc
- SSDEEP
  
  196608:7YDRkda+wfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWJ:caE1IHL7HmBYXrkRoaUN6
Score

8^/10

upx collection credential_access defense_evasion discovery execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2