blankgrabber | a57e0212e58ea145a0cd4ed9d7242d75fc8b80184a2172486aed2157e704bdc4

General

Target

Built.exe
Size

7.0MB
Sample

250202-zwxp5syjd1
MD5

c2aabc27d1d98feded29e0c65abbcd6d
SHA1

dbf67e3cdcf792083b54c7b55d31bddefb634a06
SHA256

a57e0212e58ea145a0cd4ed9d7242d75fc8b80184a2172486aed2157e704bdc4
SHA512

1ec324a8f6b74875ba8db23d9b81aa179e32d6c00fd3e3c69e678ff8aaf7c46d613012f6924f452495795feca0428a42ef29dc01e8c777fb2241c499dbfb2b58
SSDEEP

98304:sd5zHqdVfB2FS2/fGyuT/9vUIdD9C+z3zO917vOTh+ezDNh7n8mJ1nmOBr9n4m9I:s7QswbT/9bvLz3S1bA3zpn9VDhhQ

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  7.0MB
- MD5
  
  c2aabc27d1d98feded29e0c65abbcd6d
- SHA1
  
  dbf67e3cdcf792083b54c7b55d31bddefb634a06
- SHA256
  
  a57e0212e58ea145a0cd4ed9d7242d75fc8b80184a2172486aed2157e704bdc4
- SHA512
  
  1ec324a8f6b74875ba8db23d9b81aa179e32d6c00fd3e3c69e678ff8aaf7c46d613012f6924f452495795feca0428a42ef29dc01e8c777fb2241c499dbfb2b58
- SSDEEP
  
  98304:sd5zHqdVfB2FS2/fGyuT/9vUIdD9C+z3zO917vOTh+ezDNh7n8mJ1nmOBr9n4m9I:s7QswbT/9bvLz3S1bA3zpn9VDhhQ
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2