blankgrabber | 98d520115f3c179f332f9848af44aeeffd115c152e8105e7be247648021430b5

Resubmissions

24-01-2025 21:43

250124-1kyzha1nhr 10

24-01-2025 21:41

250124-1j76sazna1 10

24-01-2025 21:40

250124-1jejga1naq 10

Sharing

Copy URL

Twitter E-mail

General

Target

wetransfer_hotmail-txt_2025-01-24_2133.zip
Size

52.0MB
Sample

250124-1jejga1naq
MD5

17854d89a4f57f4b5a3eacee2612064b
SHA1

47120215f62694b95684c2e45b747836871dc7c9
SHA256

98d520115f3c179f332f9848af44aeeffd115c152e8105e7be247648021430b5
SHA512

c333b8d1790775a487fc4d13daa4456400f67102c59719ba3f8f90551b148dcaa258a13687914fc445ba138ba4556e0fcf302e804d55455fb2dc6e1bbbc8065c
SSDEEP

786432:yWo2ZhNiqGL+qHFcDJExAFsHEAayG4jzGgjqoLkW9FAa3MbJUSxDMQpPdXYE9P:yWd2qmJHFcN6AFEEtyH9qoB7Asy3npPV

Score

10^/10

Malware Config

Targets

- Target
  
  wetransfer_hotmail-txt_2025-01-24_2133.zip
- Size
  
  52.0MB
- MD5
  
  17854d89a4f57f4b5a3eacee2612064b
- SHA1
  
  47120215f62694b95684c2e45b747836871dc7c9
- SHA256
  
  98d520115f3c179f332f9848af44aeeffd115c152e8105e7be247648021430b5
- SHA512
  
  c333b8d1790775a487fc4d13daa4456400f67102c59719ba3f8f90551b148dcaa258a13687914fc445ba138ba4556e0fcf302e804d55455fb2dc6e1bbbc8065c
- SSDEEP
  
  786432:yWo2ZhNiqGL+qHFcDJExAFsHEAayG4jzGgjqoLkW9FAa3MbJUSxDMQpPdXYE9P:yWd2qmJHFcN6AFEEtyH9qoB7Asy3npPV
Score

1^/10
behavioral1 behavioral2
- Target
  
  172K Italy HQ Combolist.txt
- Size
  
  5.9MB
- MD5
  
  dba388431ab03b00494d420e860c8687
- SHA1
  
  8812a620909d51dece26d85d30549cd5f072d07a
- SHA256
  
  6458fc01eb5cbe8b67130a28425ece614919a0d3e1d087c17512ed98c17040a3
- SHA512
  
  83605300d9e3e801fae1d6332d78c1a00f3b7af0f5ca42d481c77400c346d1b835718843d65b9541fe78d655fdc59dfb67221ca41418302339eaa2f4801df07c
- SSDEEP
  
  49152:HOF35x6QjuHQYSziYVlKrsIs4f0F/kwmbBF9h8Zk0K7ToTClSU0u58K3Re23//Ap:3iIt8
Score

1^/10
behavioral3 behavioral4
- Target
  
  179K Germany HQ Combolist.txt
- Size
  
  5.8MB
- MD5
  
  4d74bf500d8234a92ec184ab4c1bb899
- SHA1
  
  5e7034806d3cdb043b96a60be052062c817a360d
- SHA256
  
  0ca9d9618c97fa9a42c8af0a10b8f8fe0385f06e0960cebda6ee3dd89d443607
- SHA512
  
  f067933ca520acc236bac24c8571195abc3bbcadbdbdb32786f2ed2690649a136a6ffaca12d67ed286975c93e75458128956e8b2f097aaab908774fa3f369e3a
- SSDEEP
  
  49152:1gutR3/6Xh+5hQNd/6qnM82tDv7O3R6QNJLDDH9kRKOBP:38C
Score

1^/10
behavioral5 behavioral6
- Target
  
  3x 1-9 Skin FA.txt
- Size
  
  1KB
- MD5
  
  37dd5790b81956e2f136c781f3e5cf31
- SHA1
  
  63354189690b7ceb2e66d762e3171cb785363054
- SHA256
  
  b570e69f63b73356fd7c65f53b7f40ac4acbbea7feff5ede2a9274f30d797a94
- SHA512
  
  3805fe0bd74677a776c6ac14a466fcaf341cac287721b3e55ccf9391420ede8d280ef4178fc028313d0f27b7e75af85a106adbb2302bf717b0752761dc1dd4b1
Score

1^/10
behavioral7 behavioral8
- Target
  
  447K HQ Gaming Combo.zip
- Size
  
  7.6MB
- MD5
  
  2f1fdbc719acb07b0dd39bfec9b43cbc
- SHA1
  
  7216e6359f3d70530889c93f2b3f92ff7a800291
- SHA256
  
  0e41da4c72948c6bc6e2ae296057f2f912081590980f0dddaaa70607bbbfcc90
- SHA512
  
  fa84c838b3ba0d55a2761485d3ea531786bb13b69fe562279b086640a83020be57ab609baecb7e4982922b1494a119c4dd824f23b5af743429063ccbc933ae97
- SSDEEP
  
  196608:d/f9aunAz63Lffwi55BAxZ7iUVPJjDA9nqGLNkt9UCKuTqF+lV3fNtJTae:d/g+AmbfN52ZDVNDWqGLNk9gHF+z1tJ9
Score

1^/10
behavioral10 behavioral9
- Target
  
  447K HQ Gaming Combo.txt
- Size
  
  15.8MB
- MD5
  
  800bb3d8e340b7815386a5aeb95450d1
- SHA1
  
  99cb5eacf56c5bdbe64258749678dd2b02d0cb32
- SHA256
  
  5223ac123a0e1d55074b791ac65d21d12f37b318318af2275a3f67d5431480f9
- SHA512
  
  364ac5e3fca21ca2aacb304902f4010432f833ba8e64b226d2b123f2d54efcf959c017a59adc25a26231707e17899fc9d83b59e72978a64393597e6761e1eead
- SSDEEP
  
  49152:1XiRlCByy+Ylkdshj+KPwg4CITzcasIjRSGigJWxNh320Yz/Pj6UgFUP+cuW88B5:q6KD
Score

1^/10
behavioral11 behavioral12
- Target
  
  60K Spain HQ Combolist.txt
- Size
  
  2.1MB
- MD5
  
  724f318f3de7cbbbb4efbd7e2fc50918
- SHA1
  
  dd4a7713e66a38f078c46971e57333378716d9ed
- SHA256
  
  261207e4e82c730ee4e2eb87095048e0adc772ca5b69fb7411c98716e6e48a31
- SHA512
  
  1780145d7d7d4a07782d0497e2d0f66d7e0e0589279db38648e8b71f31196971097aedade473b420760ff0c0ae0a02da44043e6eb9a78b3a5cd9247ea819f143
- SSDEEP
  
  24576:GokoY4p73zA1gJ6VLg8ep+AFInXY1J8DCSYFxtyG1CMVtgB:G9Jg73zOg0VLgpyXY1J8DbYF3DtK
Score

1^/10
behavioral13 behavioral14
- Target
  
  650K USA Combolist.zip
- Size
  
  9.5MB
- MD5
  
  cc083bdc4aba71466aef1481c22b92ef
- SHA1
  
  86824df3f932be6236467c9e586066db698ca8a6
- SHA256
  
  71b0cacd6723e67dc1aca717537fbda15060a4a1bfe6e236a683462248941d0c
- SHA512
  
  cb27f42885f9715ce1c24c123170064dacefbff5bfb443761f4f406649db2db3f6e0fc40050c9e8a089e990b004025cb8a2dd969a567e0262974243b9624c2eb
- SSDEEP
  
  196608:C5AFstzeBHtAtDyT5KfdICEANmL3L51bBYpyaaVGso3/j5lnmadwb1d:UAFstzeBNWkILEAC3yQVGfPjzGd
Score

1^/10
behavioral15 behavioral16
- Target
  
  650K USA Combolist.txt
- Size
  
  20.6MB
- MD5
  
  5b0751d6779ac4d083764b0ec9fab56e
- SHA1
  
  bec6c5b3ea06b38c9e2cfbd025155078d23687f1
- SHA256
  
  c56d9b537f5b12da79214738dfd1e7009f48fa45886bc900f0836d8b71b0247c
- SHA512
  
  03e10c4bdfc6746ec00ea05a76c0be5d7e36b3ac4050873f708669f50a686efb2aa0c4afbc391fb361fe67f7d9424449e0727688afaae5917a92ab2e0f84c1bd
- SSDEEP
  
  49152:CZSupd6QXivYLi6nkecsUQuro2yBq+BiNlW0KgG7XnjRdXFo+xvj+HqmtWIv38yI:mTZXrTeLe
Score

1^/10
behavioral17 behavioral18
- Target
  
  Fortnite.zip
- Size
  
  21.2MB
- MD5
  
  a6f7176d154c943ddb235aa60cabbee8
- SHA1
  
  116919fdf64b75bea1e997927492627697dd93f8
- SHA256
  
  88f51af987c4632ef1841cc4cde114614bb5d91219abc2dd4970cb162421376d
- SHA512
  
  76917cf938e8896d624cf948d52b267cca517060ad667b845faf0bd1aa0eb67b38f32e0a01f6d8e09663ddb97d9d1175caf7ca431c9e32aafa8a816b466a6748
- SSDEEP
  
  393216:bDQuAx1L6LkW9EWAa//MbJUsi3UlxhHDJM9iQSa3cOSLX1t54vZE9z6:bjqoLkW9FAa3MbJUSxDMQpPdXYE9W
Score

1^/10
behavioral19 behavioral20
- Target
  
  Fortnite/combos/log.txt
- Size
  
  73KB
- MD5
  
  d83a479092a1afdbdf6005815d6352f2
- SHA1
  
  d20af8f69a11f93ca651976778f539cb6df1192a
- SHA256
  
  824cba4c08d359a35eff4df4ab980118acbff2eaeca9af3baa8bcb346b3f573e
- SHA512
  
  c0b9c351dfcb76d3646cb418d0c44e53436cf95bf9b353c4b4f75682cd1266d1c23c05d44daa2069a8ce5e648888eb783fdb8ec222a259b3b944bba8340bae2d
- SSDEEP
  
  1536:VBr4uRz91Hauy/jxHW/54aHkhjcmg/eNZnIdWpPk5Ro0ur:VBr4u8V2/Vk5g/c+Euy
Score

1^/10
behavioral21 behavioral22
- Target
  
  Fortnite/config/config.yml
- Size
  
  340B
- MD5
  
  91692a4656bd8b65f6d46fdbfb64b8ec
- SHA1
  
  375d7ec031573f46596b91e4ef67a3b49582b588
- SHA256
  
  bf0fba940068c1f02ce6d4057ad9873e07c92159d47068562107383081bd4477
- SHA512
  
  c3047ccb239a3ef0a43ebe4fd8b1209175e7dfad3323bf69d585e6546bf9fab9c6265e9a7847a6fd4768ad89134b722e1094edd92ea19b2e60d4b2a3d97152c5
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Fortnite/skins_database.txt
- Size
  
  91KB
- MD5
  
  d04e3627730b2213f084921164fd8b71
- SHA1
  
  b294d95d970f102de84e484a8aa5642bb6ec7554
- SHA256
  
  adcfdecda4eba38f1b1567b052471f0b35e2750c77a03083329784b0d678b246
- SHA512
  
  8fe8568c4c1bd25d7532ecaec32591d78220463f6cd048da78c7f0db76debab9dec453f0091c0b3216fc3df54b6f06ebcd3a91015f510c047972aa83f13ac9f1
- SSDEEP
  
  1536:KkFivYhF/l7kHbAnNcEASwRk8ts+whnCFpxGUoOKp8oZFXn+1:KyF/l7kHbAnNcEASwRk8ts+whnCFpxC2
Score

1^/10
behavioral25 behavioral26
- Target
  
  Fortnite/vosfn.exe
- Size
  
  21.3MB
- MD5
  
  9ba7486280499dc54dff9a02b80baac6
- SHA1
  
  cca0585028bce98398c39b885ba4461a7b5b6ea1
- SHA256
  
  1a6e578000faaaf8b3ba921009ac9208480d33cf0e08b6bec9781c9f684fb237
- SHA512
  
  3d61aee358117c4e3420314bf5669994e7ce862bc354e129ce120d66bfd7a201ac6da779dea8257349e75b2fc5976d595dbf8a2db1e535f472e7a2469ffb2a25
- SSDEEP
  
  393216:ymkILbJ6LmC8+ocQtN2dZQmyfcnXThRleRso9urEUWjC3zDbF4frp:yxcILmC8BcQ72dZQoXde68dbCp4f9
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation pyinstaller spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  (��@�0q.pyc
- Size
  
  1KB
- MD5
  
  384b6a79ed8847c855dea1036f624f91
- SHA1
  
  49cefd868a9f23dd6aaca935beea838994464913
- SHA256
  
  3cb97cbf6b555c6b7d79ef26a3524d5742e95e95aae0242bf6a467d88fb0ca74
- SHA512
  
  f227d28fc487a975f6af3b0de748a955d745fd024b456052b6783089b7a91eab97f8de3460cbdfd064680987d5a1e616d360361f3de96e48b209f13a195872fa
Score

1^/10
behavioral29 behavioral30
- Target
  
  Minecraft.txt
- Size
  
  22KB
- MD5
  
  1d93146fb2ae5cfe310857d6cf944e63
- SHA1
  
  b1040c25b42bcfdd8dd3bf2aa34ee36ca01843ae
- SHA256
  
  98a5f080b6e342605e1f0359d9ba6aeab8541a74806f1d9a349d0050c3fbe861
- SHA512
  
  9cfbace0eda81f3226fa6b549c10e2c719579973677e5c4f0c0a55fc87ec7b069595d4c991e80b19c0a1edca2290da9e06dc4b3ff85552da58bbfe3a60ccaeba
- SSDEEP
  
  384:x04GZejMaj4IdL7Jmxy40tfHdXD822wF4fkAq3/RnQum7INJ9ZiTLKvdzf3tmH0x:/Mc4aNhtnx
Score

1^/10
behavioral31 behavioral32