blankgrabber | 45e4b05f4dfca2eb133a96222abb40ead04699a700ad14a96d6570bf753a7fde

General

Target

FanBooster.exe
Size

7.0MB
Sample

250123-s7l98avjew
MD5

bfe70961ee4742b40498b3ea08918a4e
SHA1

f11f097bdf07f002ab1114dc6e0eafcffea79f4a
SHA256

45e4b05f4dfca2eb133a96222abb40ead04699a700ad14a96d6570bf753a7fde
SHA512

68518d5b2f803755cbbe08d4175684be7c1a97d53e010d60358673433eded00e649ac34e88899a80f4728f5ea55bba49ca646f084bc619d25fbd8334f5295c19
SSDEEP

98304:i9DjWM8JEE1FBlamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIFH:i90PgeNTfm/pf+xk4dWRimrbW3jmyU

Score

10^/10

Malware Config

Targets

- Target
  
  FanBooster.exe
- Size
  
  7.0MB
- MD5
  
  bfe70961ee4742b40498b3ea08918a4e
- SHA1
  
  f11f097bdf07f002ab1114dc6e0eafcffea79f4a
- SHA256
  
  45e4b05f4dfca2eb133a96222abb40ead04699a700ad14a96d6570bf753a7fde
- SHA512
  
  68518d5b2f803755cbbe08d4175684be7c1a97d53e010d60358673433eded00e649ac34e88899a80f4728f5ea55bba49ca646f084bc619d25fbd8334f5295c19
- SSDEEP
  
  98304:i9DjWM8JEE1FBlamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRiYRJJcGhEIFH:i90PgeNTfm/pf+xk4dWRimrbW3jmyU
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2