blankgrabber | 67cb0c26dbb9224fc774840de60960b6968721c0ad2e472afb3d213d1190901c

General

Target

injector.exe
Size

7.6MB
Sample

250120-sfpw2avndy
MD5

3b01f8e071c2e20ccb9d1550fe73cbb5
SHA1

d991555d5470ad1c470867a95cab8bf119643a2a
SHA256

67cb0c26dbb9224fc774840de60960b6968721c0ad2e472afb3d213d1190901c
SHA512

63498c64cc299d62c468e115646e7f7c72455420b7e930d2251477d4dc9f1aebce03abe09a103f718b8147dfea4ac3647ac6e44f8e70e4f9a1dc39bc34a3a182
SSDEEP

196608:eXD+kda9wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWQ:+5ASIHL7HmBYXrYoaUNH

Score

10^/10

Malware Config

Targets

- Target
  
  injector.exe
- Size
  
  7.6MB
- MD5
  
  3b01f8e071c2e20ccb9d1550fe73cbb5
- SHA1
  
  d991555d5470ad1c470867a95cab8bf119643a2a
- SHA256
  
  67cb0c26dbb9224fc774840de60960b6968721c0ad2e472afb3d213d1190901c
- SHA512
  
  63498c64cc299d62c468e115646e7f7c72455420b7e930d2251477d4dc9f1aebce03abe09a103f718b8147dfea4ac3647ac6e44f8e70e4f9a1dc39bc34a3a182
- SSDEEP
  
  196608:eXD+kda9wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWQ:+5ASIHL7HmBYXrYoaUNH
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  `�"�AX`.pyc
- Size
  
  1KB
- MD5
  
  4028614dab65806de76db6f742efd8e4
- SHA1
  
  fe0c7aa9cae9f9bee0984daff8247bc1c56ba233
- SHA256
  
  1e1ae73126f168dd4c4c3a2ec85d2a29dcabef6eb000fecf91ec05f23c5ff166
- SHA512
  
  de478f319f34765fee83458b3845506533c9cfa1ac4b9a7f0611c723951ba868df69b593c14a46714a4e5e3d1bc31667b592b62077edf2ebf319056834492b21
Score

1^/10
behavioral3 behavioral4