blankgrabber | d4a7181637fae1d0032bd53f83965c6a4ba4fc309c739ee8b18f99232579b58a

General

Target

IMAGE TOKEN GRABBER.rar
Size

7.5MB
Sample

250125-zdwp5a1lcr
MD5

6feccdbc996aa9755093f74d6b067c93
SHA1

20d4c3014ce3b5a8a66a563d9e80fe285d616cc1
SHA256

d4a7181637fae1d0032bd53f83965c6a4ba4fc309c739ee8b18f99232579b58a
SHA512

d711974b44011ae14848adb9b9e2bdb686c692b865b81d7e0a91dc704a0dc94cb888ffa273eadfa5ddef30f7f7a43eb8d4429dfd6d22bc045ea95723f62dfa96
SSDEEP

196608:ofKZvN8X7/9M7nJgLcBBV5U8YUMJj1g3TfGhsB:ofK1Nu0J9BT5bqJBg3TfGw

Score

10^/10

Malware Config

Targets

- Target
  
  IMAGE TOKEN GRABBER.rar
- Size
  
  7.5MB
- MD5
  
  6feccdbc996aa9755093f74d6b067c93
- SHA1
  
  20d4c3014ce3b5a8a66a563d9e80fe285d616cc1
- SHA256
  
  d4a7181637fae1d0032bd53f83965c6a4ba4fc309c739ee8b18f99232579b58a
- SHA512
  
  d711974b44011ae14848adb9b9e2bdb686c692b865b81d7e0a91dc704a0dc94cb888ffa273eadfa5ddef30f7f7a43eb8d4429dfd6d22bc045ea95723f62dfa96
- SSDEEP
  
  196608:ofKZvN8X7/9M7nJgLcBBV5U8YUMJj1g3TfGhsB:ofK1Nu0J9BT5bqJBg3TfGw
Score

10^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Builder/Builder.bat
- Size
  
  7.6MB
- MD5
  
  d14ac81cf4ef57049f5df85cb86a1009
- SHA1
  
  278ac5f19ab61feebf6bb1cfeea4f79103025692
- SHA256
  
  a2e85d2d5c5bef45f3607c78d62e8f688d34fc15fc58180a86711ac5b1bf3763
- SHA512
  
  ac1c39f197df9d7d60684016caed0eebdaffe84b88776969c8ccbd33422eeabaaa6ec8aab24f5bee12bfcfa08034fabaf5b2450765e4af6286b992a8f8251644
- SSDEEP
  
  196608:qQD+kdFf/wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNW9:N5nfUIHL7HmBYXrYoaUNq
Score

10^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2