blankgrabber | 39bcc62c81649c05006d44caf145fcf124b3024c5cfdd06359164347a349705f

General

Target

executor.exe
Size

8.4MB
Sample

250102-bb2llawpem
MD5

192a5e06bb16f608951c2267d5bb1b81
SHA1

c239603cdfe936d21a6432cc5f0865cb6b1d6686
SHA256

39bcc62c81649c05006d44caf145fcf124b3024c5cfdd06359164347a349705f
SHA512

4b7e16751c2faf2f09458463fc5440981ab74d6c9be08fb8aaeb9a95035efdbb88778cbdfdb746d8cfcf7a536ae4a05d0ca764847f6f233b7d30cad70123c6df
SSDEEP

196608:WSWY1wfI9jUCzi4H1qSiXLGVi7DMgpZB/NQ9VMwICEc/XB:mIHziK1piXLGVE4U+9VJJ

Score

10^/10

Malware Config

Targets

- Target
  
  executor.exe
- Size
  
  8.4MB
- MD5
  
  192a5e06bb16f608951c2267d5bb1b81
- SHA1
  
  c239603cdfe936d21a6432cc5f0865cb6b1d6686
- SHA256
  
  39bcc62c81649c05006d44caf145fcf124b3024c5cfdd06359164347a349705f
- SHA512
  
  4b7e16751c2faf2f09458463fc5440981ab74d6c9be08fb8aaeb9a95035efdbb88778cbdfdb746d8cfcf7a536ae4a05d0ca764847f6f233b7d30cad70123c6df
- SSDEEP
  
  196608:WSWY1wfI9jUCzi4H1qSiXLGVi7DMgpZB/NQ9VMwICEc/XB:mIHziK1piXLGVE4U+9VJJ
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2