blankgrabber | e351f71206ed3ead2b45a67438d17189aded595e500709526c4116dffa251e6a | Triage

Submit
Reports

Overview

overview

Static

static

TZ.Hack.exe

windows11-21h2-x64

8

��%�B.pyc

windows11-21h2-x64

Resubmissions

15-01-2025 11:36

250115-nqy58stkbj 10

Sharing

General

Target

TZ.Hack.exe
Size

7.6MB
Sample

250115-nqy58stkbj
MD5

e1b698ccc8338ebae0c2032be9e992b3
SHA1

a5ce4f18b252b9f33e6366849523102c0c6999fc
SHA256

e351f71206ed3ead2b45a67438d17189aded595e500709526c4116dffa251e6a
SHA512

5ada1cb2aab134bbef47f4c1f016705c45564c6b6cd77c7810dc871e882ece68f34e6aca2d69bc43b22227d2ea57db6ce991d259bc3f71e45fb7ea929be19c5e
SSDEEP

196608:HhD+kdYmwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWS:B5uNIHL7HmBYXrYoaUNZ

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TZ.Hack.exe

Resource

win11-20241007-en

discovery execution upx

windows11-21h2-x64

8 signatures

900 seconds

Behavioral task

behavioral2

Sample

��%�B.pyc

Resource

win11-20241007-en

windows11-21h2-x64

0 signatures

900 seconds

Malware Config

Targets

- Target
  
  TZ.Hack.exe
- Size
  
  7.6MB
- MD5
  
  e1b698ccc8338ebae0c2032be9e992b3
- SHA1
  
  a5ce4f18b252b9f33e6366849523102c0c6999fc
- SHA256
  
  e351f71206ed3ead2b45a67438d17189aded595e500709526c4116dffa251e6a
- SHA512
  
  5ada1cb2aab134bbef47f4c1f016705c45564c6b6cd77c7810dc871e882ece68f34e6aca2d69bc43b22227d2ea57db6ce991d259bc3f71e45fb7ea929be19c5e
- SSDEEP
  
  196608:HhD+kdYmwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWS:B5uNIHL7HmBYXrYoaUNZ
Score

8^/10

discovery execution upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  ��%�B.pyc
- Size
  
  1KB
- MD5
  
  9c66d09fd37bfe5b871726b932534a87
- SHA1
  
  5c31fceb05c5d8dc24ad6aa802ecf094c53b311b
- SHA256
  
  3b6c9783f3c2be9409a515afa3924701ec685630dd229b9c812253cbaf71d5d1
- SHA512
  
  a42f5487a9836a972a96238bcd4ec2518008e5561d75a9d08bd01b9106d4753c52a685c961e99b9239ab9792c1e40e6c3b95a9d3be81702df5007a33d8a6f1e8
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionupx

behavioral2

© 2018-2025

Terms | Privacy