blankgrabber | 825002fc4112d95c4b6a954d751e3a473d56fefddcdade8776e4dbdf1511d378

General

Target

vanish.exe
Size

7.5MB
Sample

250206-twtqlaznfz
MD5

08c265109568a518ff29787b5161e337
SHA1

47e33b10abbb99fd4ad9c7a58a3c15461f1abfa0
SHA256

825002fc4112d95c4b6a954d751e3a473d56fefddcdade8776e4dbdf1511d378
SHA512

ae87efd891a175b1b4625e3be511d0bcef3d0d0859f79df64a4513f5400920e5042bb66c43d0498a9118417c15b384707eed567714c82e84d7c264896f0acca5
SSDEEP

196608:+9gFQwfI9jUC2gYBYv3vbWY+iITm1U6fd1Em:PFPIH2gYBgDW/TOzbJ

Score

10^/10

Malware Config

Targets

- Target
  
  vanish.exe
- Size
  
  7.5MB
- MD5
  
  08c265109568a518ff29787b5161e337
- SHA1
  
  47e33b10abbb99fd4ad9c7a58a3c15461f1abfa0
- SHA256
  
  825002fc4112d95c4b6a954d751e3a473d56fefddcdade8776e4dbdf1511d378
- SHA512
  
  ae87efd891a175b1b4625e3be511d0bcef3d0d0859f79df64a4513f5400920e5042bb66c43d0498a9118417c15b384707eed567714c82e84d7c264896f0acca5
- SSDEEP
  
  196608:+9gFQwfI9jUC2gYBYv3vbWY+iITm1U6fd1Em:PFPIH2gYBgDW/TOzbJ
Score

8^/10

collection credential_access defense_evasion discovery execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  #g�ae�.pyc
- Size
  
  1KB
- MD5
  
  b229c36fc856054593eed2e85c882cdd
- SHA1
  
  9c103d4235c1ea80521638f7bfdc9abaf1124248
- SHA256
  
  88ea977fdb2a8e3cb0a7545e7a14ba873fef9e074125507a888da6ca4ce3a178
- SHA512
  
  98fdd57937f785a6a26c27d72d96f704a68d8528f031445c056a25be4587f129f24be390e8f882538e61c1cb45b97e0d9786b960aa379ca029caa9c40b8153f6
Score

1^/10
behavioral2