blankgrabber | 04f72083c1227cf33fd35ef3f7ce0624b943e199c694ae586a90d5f84cff175f

General

Target

temp hartx spoof.zip
Size

5.8MB
Sample

250101-khb4yssndj
MD5

8c1b5444d33862a54aa42b91455bc3c2
SHA1

d6d218f25b67c8363585f8bd7de738fd01a3c51e
SHA256

04f72083c1227cf33fd35ef3f7ce0624b943e199c694ae586a90d5f84cff175f
SHA512

808881e9c113c46d73a655b4b6edded7ce30020c4e32331a4a32acfaff801a9f741b13aba849f98c02a0a8c0261ad41e664cc049c7545a086c1986f91eed9ae5
SSDEEP

98304:XB3Wp5tN/ZC0M4H33RyoK2msINTLZ03zF9JjARvH4eX1KIBUQqSvBruEGW8lW3UB:xut5yKmLVZCOvH7lKI2QqSvBKEkE3UB

Score

10^/10

Malware Config

Targets

- Target
  
  temp hartx spoof.exe
- Size
  
  6.0MB
- MD5
  
  04b47853ca176d625a46cf59ab708d41
- SHA1
  
  c0e345593edfe14552e7770a3375f97e24e4d1db
- SHA256
  
  c78834ade599918f0a97814a557222a1aa6f585319a4530e3f5ae314d477801f
- SHA512
  
  30ab289f798d9c6722c8cde3525635df7633fef34fa076defe68fa5c099483000a0d342dfa20d80e706def9f3772f2b90f4566f6af25140efcae5a5c151879aa
- SSDEEP
  
  98304:JPEtdFBgwdgamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RbPMYqi3PMdWag:J+FdeN/FJMIDJf0gsAGK4RbkYodWag
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  �-��{b.pyc
- Size
  
  857B
- MD5
  
  7e15d6ec29763be71d3514795dab6a16
- SHA1
  
  a2f00f06e6bc16ffc1cc12de8a5cfb1adf4f6edc
- SHA256
  
  e0ed75e9e07a32941872cc328bfb3598d5fcedcb6b6c9041ee13cb663f0166f0
- SHA512
  
  457b1b4aaaa6044da7feeb82e5107facff255f7bc49e662b8c756d5e69419d9c03999de7a58a5b37bb9c953284c3c2a8b5b1b4043eb220e47c05c668ef30af20
Score

1^/10
behavioral3 behavioral4