blankgrabber | ebf548e65b8f05f66462e7247444fc75b6759033a873919c1f973d650ed549cf

General

Target

asd.exe
Size

7.5MB
Sample

250123-q5fnjstjer
MD5

a1006e5babbb7e99e3041986c7aab9fd
SHA1

c4df6551e48b11114b05396f7a36fee3bf26b466
SHA256

ebf548e65b8f05f66462e7247444fc75b6759033a873919c1f973d650ed549cf
SHA512

8f45173a16e88e7924eff0808a9f48df6cf81a1117b8499f743727eb75f99e440d3d174472295aaee8b9d28bb91611c43faf96c4991ede9f9ca619f538b2e281
SSDEEP

196608:99gFkwfI9jUC2gYBYv3vbWY+iITm1U6fd1EZ:UFbIH2gYBgDW/TOzb+

Score

10^/10

Malware Config

Targets

- Target
  
  asd.exe
- Size
  
  7.5MB
- MD5
  
  a1006e5babbb7e99e3041986c7aab9fd
- SHA1
  
  c4df6551e48b11114b05396f7a36fee3bf26b466
- SHA256
  
  ebf548e65b8f05f66462e7247444fc75b6759033a873919c1f973d650ed549cf
- SHA512
  
  8f45173a16e88e7924eff0808a9f48df6cf81a1117b8499f743727eb75f99e440d3d174472295aaee8b9d28bb91611c43faf96c4991ede9f9ca619f538b2e281
- SSDEEP
  
  196608:99gFkwfI9jUC2gYBYv3vbWY+iITm1U6fd1EZ:UFbIH2gYBgDW/TOzb+
Score

8^/10

collection credential_access defense_evasion discovery execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  <x��..pyc
- Size
  
  1KB
- MD5
  
  4564b01742cc7610fdd66845834c2332
- SHA1
  
  d5928a7323a1f25ce695c2b043d61fd51767540a
- SHA256
  
  c84d85e37e72783fe1f5eacbd18003d31949470d5ec7e3702a50c2ce9d3233bf
- SHA512
  
  dadc2577fda97fd294684338abca2e074e6bfa5f9ec070893a6ebdf99534e3ee252e0cff1ebf7a1fccc825fb5a3f3bf4baa87ec1aa396d4bb307c0e71c5548a9
Score

1^/10
behavioral2