blankgrabber | 30b3644ba5e8c1ec490ef78c52e0b04f4a4e1e1487051a19272e4292a7b96888

General

Target

Built.exe
Size

6.7MB
Sample

250101-fblmlaxncq
MD5

652b23733b44650d54be0eb9247dd0bf
SHA1

573b176db1aa34102e752cce25857380065a141f
SHA256

30b3644ba5e8c1ec490ef78c52e0b04f4a4e1e1487051a19272e4292a7b96888
SHA512

ae7c69d66d0e91a1cf1a1fe1c662680043c3827cda2044924141bfa4e923fbd316b32d37677bef07abcda45e3a0e0ba5edaaaf481d4dec84616abf64a061f3f0
SSDEEP

196608:PkeHDOYjJlpZstQoS9Hf12VKXMSEYbrCJV8//:BHBpGt7G/MyjbC0/

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  6.7MB
- MD5
  
  652b23733b44650d54be0eb9247dd0bf
- SHA1
  
  573b176db1aa34102e752cce25857380065a141f
- SHA256
  
  30b3644ba5e8c1ec490ef78c52e0b04f4a4e1e1487051a19272e4292a7b96888
- SHA512
  
  ae7c69d66d0e91a1cf1a1fe1c662680043c3827cda2044924141bfa4e923fbd316b32d37677bef07abcda45e3a0e0ba5edaaaf481d4dec84616abf64a061f3f0
- SSDEEP
  
  196608:PkeHDOYjJlpZstQoS9Hf12VKXMSEYbrCJV8//:BHBpGt7G/MyjbC0/
Score

8^/10

upx credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2