blankgrabber | 2177e9e3e681ab7fea739c4427e79f357abe8baae27f033138ab1d931c001ce3

General

Target

steamaccgen.zip
Size

14.6MB
Sample

250204-vcs6dsvjgr
MD5

655209277820b56fd4ad734c17da90f9
SHA1

1a34b8f812ac0800eb4bbb92ae8be3a2e31689ee
SHA256

2177e9e3e681ab7fea739c4427e79f357abe8baae27f033138ab1d931c001ce3
SHA512

78db6531eb0f83eae77545ef0beedc559423eb0cc24fcce82e7700ac94909ccd0c59f836534cce9c24bb46bdfef1b2164288e77f234b656f9bd784566f101225
SSDEEP

393216:pP889dQi/VbozJHzVRN+2ZXVlOH4P1cExfSWZRJ:DtEdHzVN2H4SExfSWbJ

Score

10^/10

Malware Config

Targets

- Target
  
  steamaccgen.zip
- Size
  
  14.6MB
- MD5
  
  655209277820b56fd4ad734c17da90f9
- SHA1
  
  1a34b8f812ac0800eb4bbb92ae8be3a2e31689ee
- SHA256
  
  2177e9e3e681ab7fea739c4427e79f357abe8baae27f033138ab1d931c001ce3
- SHA512
  
  78db6531eb0f83eae77545ef0beedc559423eb0cc24fcce82e7700ac94909ccd0c59f836534cce9c24bb46bdfef1b2164288e77f234b656f9bd784566f101225
- SSDEEP
  
  393216:pP889dQi/VbozJHzVRN+2ZXVlOH4P1cExfSWZRJ:DtEdHzVN2H4SExfSWbJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  taskhow.exe
- Size
  
  14.7MB
- MD5
  
  6db8d333be4b11d76666b98a8f559e8e
- SHA1
  
  805226cde1ac220255144c706135b2f184b4d6e4
- SHA256
  
  5c62a60afc48ac948aec92c680737a765dfe15e1e251b799f6a299ff29f10bb3
- SHA512
  
  8f87f830146e221b1ca8ccb64dec06c65b8bcbf3c35bd62ebb02036c742be6f4384f4621a2dc734da20ede3196f2c219d483605c247eb1069c0eac82b5cc29d0
- SSDEEP
  
  393216:8XLa8bxKwj37YjXfj9lj0IHL7HmBYXrkaxzoaUNV:g3T8zfj9r6BYgaxzoaQV
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  ^��U*�.pyc
- Size
  
  1KB
- MD5
  
  042efdf705134a245f943983aad79623
- SHA1
  
  93298e3d1ca101efcbb0ec0150f4b1f2770eaf80
- SHA256
  
  7d15fd2005c4da3b422d0aa9c39645d09a5a845f6d9be381c5b8a18a9ec53c33
- SHA512
  
  d9f32303930df00888a6c100ae2fec8ea5ea8d537217353b812c26aff87c06802e04c63cbec5cba6c717de8def42c83e1ab9de87e56c7823c9fddb299ec3096d
Score

1^/10
behavioral5 behavioral6