blankgrabber | b29ef42de1c3466f80c4f46b198d2f744a5938dca50c073e171da9bef538a96f

Sharing

Copy URL

Twitter E-mail

General

Target

Night Mev.rar
Size

8.4MB
Sample

250124-b3eadavmeq
MD5

f1ffa4e56a276f6224015b22bd70c043
SHA1

54103ceba0c49e81312dbf18dbb02976783cf953
SHA256

b29ef42de1c3466f80c4f46b198d2f744a5938dca50c073e171da9bef538a96f
SHA512

4075ef8c7f0f2ec9caa5d141b080efd639a52f1326243e254ef1e40d79ee6afdd45e982f89bbf2f81b9cfe6cf10f3aa9e651106ef4f700980521286f258bed12
SSDEEP

196608:wv+F4MFoZk04uFZnlCKNb7KhkrlDzBm8tIAYrfrajFsXi2tRI/:VWMCk03FZlCK1akBU8t1YrYH2tI

Score

10^/10

Malware Config

Targets

- Target
  
  Night Mev/Leia.txt
- Size
  
  19B
- MD5
  
  2ccaee7c862bba614761735783d7c79c
- SHA1
  
  8413bd48676106662be229b41eed6f49f7063a76
- SHA256
  
  d846ba5fbf34cffb5885ec1e3db6bfd398676cb3325f95478dde776bbcdec5cc
- SHA512
  
  efbc6b8d44ab0185fac2cf3ba23db851a6dd5213f1a080c52f560aeee6f18610dc530b9b675bc4182d4aebe06c64abfcbc85a7a379b264febb87404c29f963cd
Score

3^/10
behavioral1 behavioral2 behavioral3
- Target
  
  Night Mev/Night Mev.exe
- Size
  
  8.5MB
- MD5
  
  dab2253217e774567d2fbe0451622d25
- SHA1
  
  b1383ad0ae5b347a2d81786ea3b614c8735048ca
- SHA256
  
  b5d35a1a329376df0652f0b04be9e16f1d0cda5a4eacddd65073f5538f65fc58
- SHA512
  
  8e2ebc15bb9717b85e86509a118186c59a5ba1f1c6c547d87eebc47816961266ad03f760597162dc4fa514541dfe7e125a3fb6dba893fc80884a5ffaccfe493b
- SSDEEP
  
  196608:sVD+kdGOmYwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWY:W54OIIHL7HmBYXrYoaUND
Score

10^/10

discovery execution spyware stealer upx defense_evasion
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4 behavioral5 behavioral6
- Target
  
  �R�`��.pyc
- Size
  
  1KB
- MD5
  
  82a4555321d467e1dfae47b984b887b4
- SHA1
  
  df467fba9b7d802cd3e09d305f35745acc774221
- SHA256
  
  0636c5de306f26b8710d9fb6a1f592d1d023882da13721d853652a0d44f65d79
- SHA512
  
  aaa7de8bc0ae70f1996db0861e2617f90ab61a64a26f061ed38136b8559edb1f62e4163d0c4e8ead36d3f48c98b209e47ec70b1c9475b9730e9443dce6606bd0
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  Night Mev/Nigt.dll.ini
- Size
  
  591B
- MD5
  
  384411d52a1194aea00cfeef4cfca1f4
- SHA1
  
  680ffbb4e09a883b85165eccef56a33245302a56
- SHA256
  
  aa40a5b32600368c8304d4b3c5f324842fefadb0bb7a73c9d60127710345ca4c
- SHA512
  
  d46cce8214d7da08c737e93ca5630c54d82b7a1a60b5c360a2f6ea006081c302afeb23c7a0694bea6cf68dcd25ec93d82b8cf673184274dad674bc42b3cb7b51
Score

3^/10
behavioral10 behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

AutoIT Executable

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12