blankgrabber | 4f1dc33cb20aca67eb62278f4ee92f09c016ba61b02d75631407134b5bdeee25

General

Target

Shine FN Launcher.exe
Size

8.4MB
Sample

250102-ynqq7atmh1
MD5

9298b05fb2ec12481e0618885618f625
SHA1

50dc78adc15341ce067af9d786ff01dedaed642d
SHA256

4f1dc33cb20aca67eb62278f4ee92f09c016ba61b02d75631407134b5bdeee25
SHA512

85fc61bf1ee20d3247644dcfa4babfce92f5b3c1f3d613490c964fe058f9208a4d56bcd3839a567c55d23aef7d6b6671e7fbb48afa2eb3a18eca5ff5ec846ecb
SSDEEP

196608:8KDRkdxwfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWK:JakIHL7HmBYXrkRoaUNx

Score

10^/10

Malware Config

Targets

- Target
  
  Shine FN Launcher.exe
- Size
  
  8.4MB
- MD5
  
  9298b05fb2ec12481e0618885618f625
- SHA1
  
  50dc78adc15341ce067af9d786ff01dedaed642d
- SHA256
  
  4f1dc33cb20aca67eb62278f4ee92f09c016ba61b02d75631407134b5bdeee25
- SHA512
  
  85fc61bf1ee20d3247644dcfa4babfce92f5b3c1f3d613490c964fe058f9208a4d56bcd3839a567c55d23aef7d6b6671e7fbb48afa2eb3a18eca5ff5ec846ecb
- SSDEEP
  
  196608:8KDRkdxwfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWK:JakIHL7HmBYXrkRoaUNx
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Zdi�[��.pyc
- Size
  
  1KB
- MD5
  
  978c4a27e5c5eeed5460940f008815e8
- SHA1
  
  4dd57ed37d6e5f75f90357fd2504b7dc8ec2dc70
- SHA256
  
  179e4391d2331a8cef01419fb396096f22bc83f1ed13bc58a80dc59befbe96ad
- SHA512
  
  c054b4f3fc0becc078c6cfc1ede0789567c97008cf7237a8b93b1087a6fbc7a730ae9fbc86ee975c0fd04104ac8925393c0a6aceece048eaa2a52a36bfc31277
Score

1^/10
behavioral3 behavioral4