blankgrabber | 2b41f560cf40e7efb69eeb4446e61a24504445b59cd66436788f0e63713bc989

Sharing

General

Target

Xeno-v1.1.50-x64.zip
Size

6.3MB
Sample

250130-zcme3askbs
MD5

0284c2df0129ccdabb6c9dc74d3815e0
SHA1

12b6eaf900f6445616e9894bee89f0f53e172795
SHA256

2b41f560cf40e7efb69eeb4446e61a24504445b59cd66436788f0e63713bc989
SHA512

df58e8e9b68571128d981831f5eed7568cc3ec32f648b87473a5a14d909134100902fa82d83c1db7056c2cc944c067cdab1ab8f6f633249753e12c4cca5c68e8
SSDEEP

196608:uXc00BMnFTx7d8rso8hLJV46+PEbjQ97RR5y:iKczSrXGdC2bmP5y

Score

10^/10

Malware Config

Targets

- Target
  
  Xeno-v1.1.50-x64/Xeno.dll
- Size
  
  1.3MB
- MD5
  
  6a635fa58e5455397180eda307fb64ba
- SHA1
  
  0e83defcbafec8c15707e2e71947e77d960a3648
- SHA256
  
  bd6843726688bd7253a42180bf95671ad5b0f9e787adb4f13250f484abd9eae4
- SHA512
  
  00a318b1fdb38efef39351e291fd8db9bd096307a1b6319191cfcbef6d5b7e0486cb19968291f64d3d2fe48e062bbfdec9c2e185010848b7df87bead4eac2fbb
- SSDEEP
  
  24576:8HVrqyQ8I2dBY8rekRCw7qb+sOZaDKSiEEemqzipKB:8HVrqbuYw75ZOVviE
Score

1^/10
behavioral1 behavioral2
- Target
  
  Xeno-v1.1.50-x64/XenoUI.dll
- Size
  
  95KB
- MD5
  
  a820e5f0298f087a8f7f1aced8b953d6
- SHA1
  
  d9e25cdb909b663305fad31d5bb5d8e6ee2e4d1b
- SHA256
  
  91a7ad538e10ff9131424a8b44292315d21dc42b0179ac29c550d61f81a6ff3d
- SHA512
  
  81e8ebb90dfcd3f8046a68a1fc2bfb21c31ac306a5bb1be2f84e735260f7a07b4fe1e453a3a512c4f0d99b10cb2c508895fc1e43463e38f3a0974b4548514c74
- SSDEEP
  
  1536:SSRxCnk7JSfUuafNmWR42zxMVY6dTPr1Wa5iiZhZuM/APHV5y6SlSW8/XR:1REWytdTPr1WAb87Pby6S+/XR
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xeno-v1.1.50-x64/XenoV1.1.50.exe
- Size
  
  5.9MB
- MD5
  
  d5814e9ed4d5b64ab6802ebc45e2a781
- SHA1
  
  b12bdd7640ee98d8b2b8eb19bce1a5e1cb63deef
- SHA256
  
  fe8ecab9919b314990dedb5aeb5d72c92c36f6f51e4de0dad9e44e4e35624035
- SHA512
  
  7f9e7f44865cf8167f49605fc4724ec7bee372b2728d77d95f6809120bf85701f654bfab7e714cceeae62619079ad395981a4910d0067e4e0533793fa71d6240
- SSDEEP
  
  98304:NM+nh2Nji65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFV9h/kr6lVbw:N3nCDOYjJlpZstQoS9Hf12VKXib/CmVC
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  Xeno-v1.1.50-x64/scripts/UNCCheckEnv.lua
- Size
  
  28KB
- MD5
  
  b76726d10354343d9af5c268e40b47c4
- SHA1
  
  7103c78071be0c65c8b3a217168cf7909aef748e
- SHA256
  
  e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5
- SHA512
  
  5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb
- SSDEEP
  
  768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p
Score

3^/10

execution
behavioral7 behavioral8