blankgrabber | fd6236aeb0848b1100e56c2a7e006a7168d2457282ab7399003f00568a2e2ab6

General

Target

FreeCheat (123).zip
Size

7.5MB
Sample

250121-bccc4axrhk
MD5

75caf92efb3a4165c8c66d5329db9381
SHA1

5d9271f8b91f127f76886a52bcae2316e05275a9
SHA256

fd6236aeb0848b1100e56c2a7e006a7168d2457282ab7399003f00568a2e2ab6
SHA512

ba3951e05659934ff76d030972f19f7b0c5ab7b074cb60a39d2be468b2f54e7c8423a2772db7fd568844de111b391beae1bd2bf85842882b90a77676ea3b34ea
SSDEEP

196608:8INZA+6m42qzPTT45Clh4mI11GHJb0Bpb:c+42ibT4sBEcHJ03b

Score

10^/10

Malware Config

Targets

- Target
  
  Launcher.exe
- Size
  
  7.6MB
- MD5
  
  95a05c5478d4a09015d43ac75e54aa6e
- SHA1
  
  dd39845762dba87d9e82199834332ec259af0b7d
- SHA256
  
  51913044359b830ce4acf17a66b3fe18dfc32f9a12c651d6c611123d054823f8
- SHA512
  
  67e97696bc640ef0ce1fe021a61eb101a46ebd6d8004ac885f1dd942cdc670dfee9dd0640eba7258aeb74bcca8910ee0b7a363d1fd5cd090f2840d115dd0e178
- SSDEEP
  
  196608:RmD+kd+y7wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWF:A5cIHL7HmBYXrYoaUNK
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1