blankgrabber | e89ebb7c615c2148ea5d0b81ec78421dd6e63902780eed4a078cc39fa2b65b2b

Resubmissions

14-01-2025 05:39

250114-gcnn1szqen 10

14-01-2025 05:35

250114-f95s5azphq 10

Sharing

Copy URL

Twitter E-mail

General

Target

Built.exe
Size

8.2MB
Sample

250114-gcnn1szqen
MD5

3f21067af65ef164255fbee97661fd3d
SHA1

ffe7c3bac38f966245e3de03a7d8ac9412a74afe
SHA256

e89ebb7c615c2148ea5d0b81ec78421dd6e63902780eed4a078cc39fa2b65b2b
SHA512

3a1ff2e5b6a0d5e78036a55ff749aa9de0eeca803aad198a7ae56ecd941fecb153bb24636888396cd9f0594731a759a0b0b14c68698510b29225a2bfdeb924b8
SSDEEP

196608:2DRkdsRkwfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWi:2aebIHL7HmBYXrkRoaUN9

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  8.2MB
- MD5
  
  3f21067af65ef164255fbee97661fd3d
- SHA1
  
  ffe7c3bac38f966245e3de03a7d8ac9412a74afe
- SHA256
  
  e89ebb7c615c2148ea5d0b81ec78421dd6e63902780eed4a078cc39fa2b65b2b
- SHA512
  
  3a1ff2e5b6a0d5e78036a55ff749aa9de0eeca803aad198a7ae56ecd941fecb153bb24636888396cd9f0594731a759a0b0b14c68698510b29225a2bfdeb924b8
- SSDEEP
  
  196608:2DRkdsRkwfI9jUCBB7m+mKOY7rXrZu6SELooDmhfvsbnTNWi:2aebIHL7HmBYXrkRoaUN9
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral10 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  .pyc
- Size
  
  1KB
- MD5
  
  9d6a96aa8692dabb99b4f29756c8cb7d
- SHA1
  
  1df69dea83cff2852a27b4b5b66a3e16329286ce
- SHA256
  
  1387d73c81acd8a4667469dff5b22c18f0068afe40c14c28da7dd3835bc8f988
- SHA512
  
  04ad792618a88a3c9cbd2e98f1c7740d51cca1992ad4088ca02e1505995e760aae5e4bc89004eda96e77ce87a7fbe8bf0d23e66704cdbac1b6ec5e3ababf37df
Score

1^/10
behavioral11 behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18 behavioral19 behavioral20