blankgrabber | 3046f37940ea9df7c118e89edd80b1903a49bced1986195d0fb9356f368479c6

Resubmissions

09/01/2025, 16:52 UTC

250109-vdrc7axjhp 10

09/01/2025, 16:52 UTC

250109-vdjcksvmaz 10

09/01/2025, 16:51 UTC

250109-vdaqfavmav 10

09/01/2025, 16:51 UTC

250109-vcwlhsxjgm 10

09/01/2025, 16:50 UTC

250109-vcja7avlhs 10

09/01/2025, 16:43 UTC

250109-t8qvgavkgy 10

Sharing

Copy URL

Twitter E-mail

General

Target

Ez.exe
Size

5.8MB
Sample

250109-vdjcksvmaz
MD5

988710d51a3c1b137dadffb2aa1d4bbd
SHA1

dd5399d7a78b8c6c73496cfc8aee9c55ac557ec9
SHA256

3046f37940ea9df7c118e89edd80b1903a49bced1986195d0fb9356f368479c6
SHA512

9f13eb8e3d9a0f8a7941232e5183141cd4b0973ae965d53f2ea2faeae203be638c222d6bab44a66f17f2e7267de2166af47cda99c0f10bdac101ca38684439f0
SSDEEP

98304:VtIu4+Dc0dR/JamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HEMCx43Z:4p+DXR/EeNoInY7/sHfbRy9fC5mDQTI

Score

10^/10

Malware Config

Targets

- Target
  
  Ez.exe
- Size
  
  5.8MB
- MD5
  
  988710d51a3c1b137dadffb2aa1d4bbd
- SHA1
  
  dd5399d7a78b8c6c73496cfc8aee9c55ac557ec9
- SHA256
  
  3046f37940ea9df7c118e89edd80b1903a49bced1986195d0fb9356f368479c6
- SHA512
  
  9f13eb8e3d9a0f8a7941232e5183141cd4b0973ae965d53f2ea2faeae203be638c222d6bab44a66f17f2e7267de2166af47cda99c0f10bdac101ca38684439f0
- SSDEEP
  
  98304:VtIu4+Dc0dR/JamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HEMCx43Z:4p+DXR/EeNoInY7/sHfbRy9fC5mDQTI
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1