blankgrabber | 2458d71acea70c16e35b4e70d32799f7234e77396b91d38b8db7448a7d3acdbf

Sharing

Copy URL

Twitter E-mail

General

Target

Feather Executor.rar
Size

24.4MB
Sample

241231-2s27katlcy
MD5

f275f20835ef62e7c4fe4edc12608fd5
SHA1

a0b1f33fc3d9b651c9e054f3bc5be849a8d7b6fe
SHA256

2458d71acea70c16e35b4e70d32799f7234e77396b91d38b8db7448a7d3acdbf
SHA512

8170061edaa0979885557ffb9fe6bc3cf8c1f384d4d781d8b62553e8060b1bb620833812cd8cbc29f04198b52bed537fa7a21728e2d51855d611fac2dc077d08
SSDEEP

786432:EUZy1k3XaRN9CosGVvjlKZmaUUE1jj7PICp:fj3qf9dsGVvjY4aUUIj7j

Score

10^/10

Malware Config

Targets

- Target
  
  Feather Boostrap.exe
- Size
  
  7.6MB
- MD5
  
  348dbc907eb4d0123302bd6e1adab458
- SHA1
  
  0f2ccd3ff897b75f2b62e79d468dbac2acb48ba7
- SHA256
  
  b67a2978d34f7b191836f5c18c128d41374fc73767624c7170b9561c1276676a
- SHA512
  
  6d15374e0a7d2c56284af70b59f04ec2e4a399f79838bf2cb566c72f61e4022f12a01821262cb1110423d8b051d1fcad5245ba9b20785d26538b8ae2d4105c7f
- SSDEEP
  
  196608:OTc1dEjPwfI9jUCnORird1KfbLOYgN2oc+nBIdAxI:V8EIHOQ76bynnBI9
Score

8^/10

upx collection credential_access defense_evasion discovery execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  NVUnityPlugin.dll
- Size
  
  1.3MB
- MD5
  
  89f3c3ddaf68c12baee78d8463ee1e2c
- SHA1
  
  94059794cd9b2701c9eb6d7b39eaaab1474ba87b
- SHA256
  
  4474bf0fa2061a0202fa5f300fdb3f2eef3bae693d637c56b7858066b5e2588c
- SHA512
  
  51868a228bebdee8c5167ba3b85ba3571d76ad6a4bb36c00e7a640aceaa19885a6cf67ddc6ffa0c4450d12f19d93b1848d09bac1d3f9df0a997a34cafd51fbc2
- SSDEEP
  
  12288:fc30F//l4cMNkuiE2W75h771qmqWv+We/hUmlnRGsNrlMP5LPo3uMnKhIpSkPetb:fnFFhL3Kh8SkPetWTpEp
Score

1^/10
behavioral3 behavioral4
- Target
  
  nvngx_dlss.dll
- Size
  
  33.7MB
- MD5
  
  e557b8eb18fbd710f82073d9f6fa55a9
- SHA1
  
  ae66acaa9118c24f4c0c2bbde6f595604335bc7d
- SHA256
  
  6a12400beedef26ad8a3baca8dde2c6a5859942ce9ae14f78a07f7a87f883321
- SHA512
  
  f8782fc0cae98291f61f9f43368190ccaaf2f7bd066638599f0d15c6dac0a8e96582d2890bbd3a20ad0b0912449eabada9a68163d13965ebecb4ab1b8f7d6e95
- SSDEEP
  
  786432:GlP1qWKMJWs/THQ1qfKds/CJDimkNAFaIwW0WaBHaxuf1IVZ:GB03MJWs/Tw0Cds/CJDimO3IwJWEcudw
Score

1^/10
behavioral5 behavioral6
- Target
  
  winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral7 behavioral8