blankgrabber | a08e9a0631aaa7aeabcae9a963476e3d7447e75214696e19b51c1ab88b85766e | Triage

Submit
Reports

Overview

overview

Static

static

Resource.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Resource.zip
Size

7.4MB
Sample

250221-q97b3aspe1
MD5

d24b898f2506af3a6cd444a110faaadd
SHA1

95fcb063fe3612dd11ca044f8f1c7c71d06cb5b4
SHA256

a08e9a0631aaa7aeabcae9a963476e3d7447e75214696e19b51c1ab88b85766e
SHA512

8e9beacd2757148d063761554acc0631e4323890498bcbe273279403be6a8f31b8c3ca93d56d7e698344f485e5e1961a7d77721e433a64cb2e24b4a9aef2280a
SSDEEP

196608:MwkpuvlJpecClNTO8GcqLgr6CLtcghpkPsTiuSIXm6Vmix:Mw7XpecCjTlrdLCQppiZIXmlS

Score

10^/10

blankgrabber defense_evasion discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Resource.exe

Resource

win10ltsc2021-20250217-en

defense_evasion discovery execution upx

windows10-ltsc 2021-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Resource.exe
- Size
  
  7.4MB
- MD5
  
  cd56d1639c638ef44a1cbcf6756ef2ba
- SHA1
  
  784970f33b026fe770d8c0f8938d17b26c428327
- SHA256
  
  79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88
- SHA512
  
  c00a3be6d4cbc672b4fe3b4afb5072832a870c99d795656380e23d33e9b7b45f2d0851ba86e1d35fe502af2d001cf13e13ff6d431349dc166cfbdcc54bb19b39
- SSDEEP
  
  196608:qw0cDemLjv+bhqNVoBKUh8mz4Iv9Pmu1D7wJo:SieaL+9qz8/b4IsuRmo
Score

10^/10

defense_evasion discovery execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionupx

© 2018-2025

Terms | Privacy