blankgrabber | e54b5f50fcf4d5c03c3a14f4149c9e91e7630fb5827a7e94cfd46f7b12e860cd

General

Target

Built.exe
Size

10.0MB
Sample

250119-wvhytazjey
MD5

176b1a140c92a9888916e47b2188b06c
SHA1

217e472246e7fa4565007da98a4f632b8499fb6a
SHA256

e54b5f50fcf4d5c03c3a14f4149c9e91e7630fb5827a7e94cfd46f7b12e860cd
SHA512

6742927dccfcae39c5c6018ab2cc8317eed9316a6a2b121a3a43502cc698d95120f322f55a1f1a8cb07171dff8f52f5264053f7d367a5b2f86eb9cfc07760230
SSDEEP

98304:DRSi8TRrQurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EBKhOh112mJG:DYLQurErvI9pWjgfPvzm6gsFE44frq

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  10.0MB
- MD5
  
  176b1a140c92a9888916e47b2188b06c
- SHA1
  
  217e472246e7fa4565007da98a4f632b8499fb6a
- SHA256
  
  e54b5f50fcf4d5c03c3a14f4149c9e91e7630fb5827a7e94cfd46f7b12e860cd
- SHA512
  
  6742927dccfcae39c5c6018ab2cc8317eed9316a6a2b121a3a43502cc698d95120f322f55a1f1a8cb07171dff8f52f5264053f7d367a5b2f86eb9cfc07760230
- SSDEEP
  
  98304:DRSi8TRrQurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EBKhOh112mJG:DYLQurErvI9pWjgfPvzm6gsFE44frq
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1