blankgrabber | a74393536f56cd9e082533230be32650f1955feae62a8de7872a221bee4d39a6

Sharing

General

Target

Xeno-v1.1.0-x64.zip
Size

8.0MB
Sample

250109-esw9zszphp
MD5

26b22a3137c34470c05b2d15c118c995
SHA1

28f0bdd871275eb8eaa7c9bfcf12a1b677859a76
SHA256

a74393536f56cd9e082533230be32650f1955feae62a8de7872a221bee4d39a6
SHA512

f0b9ac5d4782cf5d11b48214c1ca386ca4b42bbe63224b2310731ea3fea8dfae113ac22e534ff2a8bddbc21213b5a2ceb0a8fcb8ccc0d09ee3fca90aa0c6bdf5
SSDEEP

196608:bdKh5Wj28NXphL4h19E96HaptVsxhZ0agPL+6:bdr2KpC9E96CtV4uagT+6

Score

10^/10

Malware Config

Targets

- Target
  
  Xeno-v1.1.0-x64.zip
- Size
  
  8.0MB
- MD5
  
  26b22a3137c34470c05b2d15c118c995
- SHA1
  
  28f0bdd871275eb8eaa7c9bfcf12a1b677859a76
- SHA256
  
  a74393536f56cd9e082533230be32650f1955feae62a8de7872a221bee4d39a6
- SHA512
  
  f0b9ac5d4782cf5d11b48214c1ca386ca4b42bbe63224b2310731ea3fea8dfae113ac22e534ff2a8bddbc21213b5a2ceb0a8fcb8ccc0d09ee3fca90aa0c6bdf5
- SSDEEP
  
  196608:bdKh5Wj28NXphL4h19E96HaptVsxhZ0agPL+6:bdr2KpC9E96CtV4uagT+6
Score

1^/10
behavioral1
- Target
  
  Xeno-v1.1.0-x64/Install dependencies.bat
- Size
  
  1KB
- MD5
  
  eb4b04fbf3be04946d84a01ede5cbe9a
- SHA1
  
  c03837830a409c2ef177925bd3e4ec9544cc5031
- SHA256
  
  f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40
- SHA512
  
  42dae275458e8f23383285087cda5dad95bfee58bdb86dc1b6c07373296e35f99fd3c249fe022a5bbd3e9b0a465b6231922267fb330d6b5febeb7a731d320749
Score

1^/10
behavioral2
- Target
  
  Xeno-v1.1.0-x64/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3
- Target
  
  Xeno-v1.1.0-x64/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral4
- Target
  
  Xeno-v1.1.0-x64/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral5
- Target
  
  Xeno-v1.1.0-x64/Xeno.dll
- Size
  
  1.3MB
- MD5
  
  538ce914853d942471aca19f7344ee45
- SHA1
  
  d34ea715f5ac65a61f753119ec1534dd712a37e1
- SHA256
  
  887ea84d65f10821d48dcb3678dc8834338d1e2e13915f6b6b02971a2fb0bcf2
- SHA512
  
  f487a9c7cd301ecc51b8f5890e1aa223b9f4373aba3e75d71cba0e3bcbdf7032a365bd23e8ae19520bfa90962c6cd36410bb7f83f8f173b25f2ec1f87592cd03
- SSDEEP
  
  24576:1IdKiywcIFdxMJm2yOCvDLuMyw+wwZzNggeCaGtNm1pKy:1IdKiIgpvDKMz+9ZzNgKaK41z
Score

1^/10
behavioral6
- Target
  
  Xeno-v1.1.0-x64/Xeno.exe
- Size
  
  7.0MB
- MD5
  
  0902fc4fec861c5913626981f513ce72
- SHA1
  
  d31d5d4cb7367968450ee39fcfe23479bea66585
- SHA256
  
  b21ef0742985cef31238db4c14565c65e1c57cd15aa28d5191e473f368bbe89a
- SHA512
  
  7858e9ff83f05354e88f69e87be74a1e8bfcfdde4409712bddfeaddb46d4bfcb7c2886a354a2efbba4de102640eac7d25cf4819ddb6cd3aef5b73438bde8c187
- SSDEEP
  
  98304:LlDjWM8JEE1FPjamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIFC:Ll0QeNTfm/pf+xk4dWRimrbW3jmy
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7
- Target
  
  m��.pyc
- Size
  
  1KB
- MD5
  
  11e2862528010911c8dbdc0e8a5dd23c
- SHA1
  
  3637090cf463d38cb7088d59f20adb64872dcf4c
- SHA256
  
  4caf2acf896389817d367df13043be005a94107c1cfc3fd1efa4b0d0231b2690
- SHA512
  
  47d7e6f168b65b60b2cb58730f0f3e811ca42203f23e8b6557ade4e531ebb97ea217bf6b56a6cd5e4028891e9cd2ec31373677428da4df99e3223cfd8f898092
Score

1^/10
behavioral8
- Target
  
  Xeno-v1.1.0-x64/XenoUI.deps.json
- Size
  
  2KB
- MD5
  
  f264dff8b12b6341b6bb97f9cea46324
- SHA1
  
  f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74
- SHA256
  
  16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905
- SHA512
  
  4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93
Score

3^/10
behavioral9
- Target
  
  Xeno-v1.1.0-x64/XenoUI.dll
- Size
  
  95KB
- MD5
  
  0c693fdf5031de28e139121866d4e71f
- SHA1
  
  d4e3f81ce0ac00efbc537b6aa4ebc07f039aaf9a
- SHA256
  
  3788b42e87c69c077868856b07c03e8606e0f49389c947231701100d99337e1c
- SHA512
  
  4298a579eea032e794ac4aaa2e18c793fbe0d3f33a2f8e948fde510427e604f06072b71703183c9ca88c73a805627187241f47845a9f16822243388ae5cb42af
- SSDEEP
  
  1536:gOTgjZ0JbSfMuafhOWR42zxMVY6dTPr/Wa5iiphLuM/APHV5y6SlSW8zXR:bT+WytdTPr/WAbK7Pby6S+zXR
Score

1^/10
behavioral10
- Target
  
  Xeno-v1.1.0-x64/XenoUI.exe
- Size
  
  140KB
- MD5
  
  f0d6a8ef8299c5f15732a011d90b0be1
- SHA1
  
  5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf
- SHA256
  
  326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b
- SHA512
  
  5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27
- SSDEEP
  
  3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral11
- Target
  
  Xeno-v1.1.0-x64/XenoUI.pdb
- Size
  
  38KB
- MD5
  
  4a66dcb58bf6ba9f206f827ff97c7407
- SHA1
  
  922f6023fc4ba972392126dec7f194704b40ef2e
- SHA256
  
  37463a799a21a8df01f42e0db8dc7d545d5674913ef5c1cc8373fb85807c5abc
- SHA512
  
  9757e0659af322e270f2c687a24e9115a54a1a31fdf4fbc40f8e0ca6c7794e1e9ef62ea4cb6a4aa29f9efb5d92566f9975903c9e7494f8e1d3c94a69270384bd
- SSDEEP
  
  768:9TB9Zlxdt3jhZjgvohRe8C70jleXa6UTqDY4tgJftyY:9pdt3vpC70cXb7gJVL
Score

3^/10
behavioral12
- Target
  
  Xeno-v1.1.0-x64/XenoUI.runtimeconfig.json
- Size
  
  515B
- MD5
  
  e0f6f18f9b152bc2d8c710b0214805d6
- SHA1
  
  ae3d39e59fd6edc05792a76cdf4f02a637f52e29
- SHA256
  
  89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd
- SHA512
  
  80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e
Score

3^/10
behavioral13
- Target
  
  Xeno-v1.1.0-x64/autoexec/test.txt
- Size
  
  29B
- MD5
  
  649d2f9bbd50814244547e4e140a95e0
- SHA1
  
  c7d1725852f659487fd8b70fe7c2c32420732734
- SHA256
  
  2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92
- SHA512
  
  ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8
Score

1^/10
behavioral14
- Target
  
  Xeno-v1.1.0-x64/runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  136KB
- MD5
  
  8f2648cd543236ef1b4856715731e069
- SHA1
  
  c269e906556c160201fe229b9f6f3dde26888ac4
- SHA256
  
  77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0
- SHA512
  
  26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc
- SSDEEP
  
  3072:VgpD1l8o58rpoJbMPN6OSBTj0zEtJW6hGo3:aphl8omrhlzEtJNhn
Score

1^/10
behavioral15
- Target
  
  Xeno-v1.1.0-x64/runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  c5f0c46e91f354c58ecec864614157d7
- SHA1
  
  cb6f85c0b716b4fc3810deb3eb9053beb07e803c
- SHA256
  
  465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f
- SHA512
  
  287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91
- SSDEEP
  
  3072:7evoTTlTRTyiuPThTNTKm81SbbMYSPLNsknZiZ2HZ5AaliiT88FEtJ57dXSvlCW:HTlTRTyiuPThTNTKmFQdhsknZiMHfEti
Score

1^/10
behavioral16
- Target
  
  Xeno-v1.1.0-x64/runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  113KB
- MD5
  
  9d7744e15bb8e3d005079b18979c8544
- SHA1
  
  7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64
- SHA256
  
  cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2
- SHA512
  
  732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25
- SSDEEP
  
  3072:rJ7FfqJR70vRq2KVsCKKa/gqeNZ/TvxEtJlAlp8Ugr4fm9IxK:r7fqJRQY0RKD5EtJeTMr2mV
Score

3^/10

discovery
behavioral17