blankgrabber | 8460c3f694cecc25b73bd5374ee5673cfff5031d002516c14d7d4e3a3d4b7a73

General

Target

LiSInject.zip
Size

8.3MB
Sample

250125-vbb6gs1qcy
MD5

f0e7f323eec5b9568593a99ee9b908b0
SHA1

adadf0292f01a12e476490e5c1dbf3c8770e7d07
SHA256

8460c3f694cecc25b73bd5374ee5673cfff5031d002516c14d7d4e3a3d4b7a73
SHA512

af23e82fea5d409842d932f2c9b7ba845fdb1569700bf636cac3884604d64fc874b0ba9854817bc6f55daf36df8dad6885c0f0e28fffaba2581cdc1df35fb6d4
SSDEEP

196608:OOm1iQVPiySQcwro1LsCSX+dLUpdPwuGgp9QwL51rm6KmNOdRu1udd:O+Iigo3SX4LoCUGY5RXQMo

Score

10^/10

Malware Config

Targets

- Target
  
  LiSInject.zip
- Size
  
  8.3MB
- MD5
  
  f0e7f323eec5b9568593a99ee9b908b0
- SHA1
  
  adadf0292f01a12e476490e5c1dbf3c8770e7d07
- SHA256
  
  8460c3f694cecc25b73bd5374ee5673cfff5031d002516c14d7d4e3a3d4b7a73
- SHA512
  
  af23e82fea5d409842d932f2c9b7ba845fdb1569700bf636cac3884604d64fc874b0ba9854817bc6f55daf36df8dad6885c0f0e28fffaba2581cdc1df35fb6d4
- SSDEEP
  
  196608:OOm1iQVPiySQcwro1LsCSX+dLUpdPwuGgp9QwL51rm6KmNOdRu1udd:O+Iigo3SX4LoCUGY5RXQMo
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  LiSInject/LiSInject.exe
- Size
  
  8.3MB
- MD5
  
  684f8927bb39526b433751ee063e5a7e
- SHA1
  
  ed9f41d6cb7e8c5c7ef0276b20902c0493bdc1d3
- SHA256
  
  85f52dadb887bfcf3900d58b4a37c5f5cacabad2adc38db6776c8c75f8c78c97
- SHA512
  
  500d48685d58a43ed5c4489483600b3a53a02a787d1316ba9cd69d4cec5e234890c7c4b47d26c1d71d89e1d2f21020c14e796f2f41afb3ad4f30229eb2dee37f
- SSDEEP
  
  196608:cPudJRqZYwfI9jUC2XMvH8zPjweaBpZ0cLXCz9ooccXK7odAxU:tDeIH2XgHq+jqMyR3Yo1
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  �y�R$�..pyc
- Size
  
  1KB
- MD5
  
  1e9dfc16def543564cd1bf21f7720e06
- SHA1
  
  1357e05cd0cb329ca269af52ec3d899c3e310e30
- SHA256
  
  a823acad8acaa344aec7b74c2426cb3bde6f3c89410744431971a966ada1f9e1
- SHA512
  
  fd4055aa29cf00bbe82f753c6382374377d09f2300ef5d96335943c58e8fa93d6e52ccaf01575787ec1b8d9c7225c1a00bf0ccd976333a4766c057fd1ad43df7
Score

1^/10
behavioral3
- Target
  
  LiSInject/amboit.dll
- Size
  
  619KB
- MD5
  
  8e5926c798e62e3862e86d12bc2c09c1
- SHA1
  
  4ef4655d38dd9354a70453f7dc363a6e69bb2ab4
- SHA256
  
  652f86f48e144bedafb2346f3877d51e249aad3077dcf927602122fb82c30bdc
- SHA512
  
  8bd6c40d4182861a1a96e0f443a9b04bf6f78de7c7047f1034fb16488ff7eed8b1072dac4ace3d9969f141dd217d91c3c5f5c8f1cba94846746b79259e9a155a
- SSDEEP
  
  12288:ZVq3wZOtZ1oOH9HBFjj1rF6WR9QEKZm+jWodEEVIx:+b9HBFjdF99QEKZm+jWodEEWx
Score

1^/10
behavioral4