blankgrabber | de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1

Sharing

Copy URL

Twitter E-mail

General

Target

PlutoReaperV2.rar
Size

17.2MB
Sample

250305-yvmccaxvb1
MD5

6f601fe31134ee1aae5172f0a98fea2c
SHA1

819019f56bb8556d35acb6eb8102cb25c7e43342
SHA256

de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1
SHA512

b6454116a72f7d715f02d7a5d3804ac36f79133e1f0fedb2f464560ba2e4427157a23d9578119409035f55a35d9deadc944035005e9fe7fadb90f0825152e9a9
SSDEEP

393216:jNiHh4xplqWQGVX21xqtACmDjNA887te0fhTswxMM27ZeIpybFA1:jgB4xpoWjXHcjNA8qVoGcZeIpSK

Score

10^/10

Malware Config

Extracted

Family

xworm

Version

5.0

field-aye.gl.at.ply.gg:24443

Mutex

MVUVp9tCaPyjpP9v

Attributes

Install_directory
%AppData%
install_file
Windows Defender.exe

aes.plain

Targets

- Target
  
  PlutoReaperV2.rar
- Size
  
  17.2MB
- MD5
  
  6f601fe31134ee1aae5172f0a98fea2c
- SHA1
  
  819019f56bb8556d35acb6eb8102cb25c7e43342
- SHA256
  
  de672a44b62f7f4862b94d14c74956cf91346312f8227d6a5aa1b0d509fa07c1
- SHA512
  
  b6454116a72f7d715f02d7a5d3804ac36f79133e1f0fedb2f464560ba2e4427157a23d9578119409035f55a35d9deadc944035005e9fe7fadb90f0825152e9a9
- SSDEEP
  
  393216:jNiHh4xplqWQGVX21xqtACmDjNA887te0fhTswxMM27ZeIpybFA1:jgB4xpoWjXHcjNA8qVoGcZeIpSK
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/cryptocurrency/login.html
- Size
  
  7KB
- MD5
  
  4274f4194a8806dbce4b2596684aa498
- SHA1
  
  b7e6a10ea693829861493dfe162bb7c3c1639c8a
- SHA256
  
  0c8190be1be671249b9a516114121c232d1b90b44a383316f5ae3dc7d002ffe2
- SHA512
  
  6e1a6a21cb798c20ac9e1ee826b66468735f609808e41d43d71fde5903d4dcb2f0a555e10c26fc1fcf02f524438ec96bce81eb3e85e18787c438f2a01c1efc6f
- SSDEEP
  
  96:mGe7ZNWrDrDFIbTIVxw1vw+Z1vcQJy/+OrQ/EYwvhGDIZ/+mQXOCnCZPCYC9Gi:Wx4cywMh7ZsX/CY9z
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/devianart/login.html
- Size
  
  74KB
- MD5
  
  2c4c4782edf762ef3d91ab073b9c2be7
- SHA1
  
  85d6da97e9ac1bbbcd148376ad70ba12f97b81ba
- SHA256
  
  db3440e5a15c5a13603422612155a555db2b8e60fef07f023900e3eae23e7219
- SHA512
  
  c5993c55fd119fc37bc6d3a12c53c8b268c4828dc0f89451cb092e4f2cbc3e8ca78d5acb17f229c3f9baae52cd8c4d1184e315d31a544df218de81c5dd3a91a2
- SSDEEP
  
  1536:8CgR5Pt5Rk4OfZEVYnQfbltvgwoaKPzfmrBXmLK8jhbTWwPY49h1g4ng4dSMoKNq:8Mwo9PLcXmrjhbTWgYs1oxRN
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/dropbox/login.html
- Size
  
  67KB
- MD5
  
  2ff95476dfb7e366d81924cb8c354a22
- SHA1
  
  fe08dfc8b7f99c0ba5702ea7b346606e4078cc29
- SHA256
  
  7e5bc50905ba754480a3915e127095659132905c9f674c51f8f8dde70990e903
- SHA512
  
  13118bfad9ef3a7e14f3f61ca95e97f666d915d0e00434e29f640228f9638ee68d073343fd69e14082169d66b661fa59df58c29296210d733810e5dd6d5f4885
- SSDEEP
  
  768:DulsKt6IebM4hKmbKTLm0+SPNGEyRbyiBchgZYYq1YrWmR4iOmeB/MISJvKlJjJT:rnIqM4hZHyicckiOmeBap9h6LyZPiJ
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/login.html
- Size
  
  398KB
- MD5
  
  dae741701bcfb2cf53f8a7f84b469c17
- SHA1
  
  af15ff21fc5b63ae5d2a7aaf37cea44fde111006
- SHA256
  
  1db4924a7408e2f5b755185a81bc3f181141e6767144089d9ece8a226ef78658
- SHA512
  
  985e18511085e06a0288b6b2dea54a064361b75884c70c2422549baa1e8be557d463ef5d28c1a3c6ec88069e90fdb45371fb54e33f2ea76e449e4f34c177d383
- SSDEEP
  
  3072:0T7LB+wkce0gcYSLyCw9riAw1RTDMgrA8GfLcmLdC+BC:0t1kc1LyRWL11MgkYqBC
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/facebook/mobile.html
- Size
  
  9KB
- MD5
  
  781baa7878daf277f0faba6353ed541e
- SHA1
  
  1aadcd6dcc52218b5652f7c91d9c4d741536307b
- SHA256
  
  2117e2514f1666864ca757e53dd379dc88eaf92255613057fa5f0668aca68379
- SHA512
  
  88c0efa80ebd0a9f91e5b245d6d55718a2f1bd27a645ed9a96b831f38e6eeb98c20a744c665342c4f47b40a8228cf41a33b0b2864d5c301345c1e4f8cbbcca49
- SSDEEP
  
  192:S/GYrJb8WGtE5f6eE7w5a91mFsOYoTKqob:S/GYrJb8WGtEET8a
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/github/login.html
- Size
  
  12KB
- MD5
  
  4d969a8b2808c635de7e359e64e64b67
- SHA1
  
  32d826f58a3b647f0ddf25b5cea4a8e13e737a58
- SHA256
  
  28ecf3a981f4b2eb37b499401745bc5b06ec1c80b27c3d45981edefc53ac45d5
- SHA512
  
  c648486c0657043e9bd1771f6ac1ee41e023c14e81f4e67da5e950adb749700121aca2bdedba962284434860a3899f2b21133ecaabeabaf96a3df96ddf67dd03
- SSDEEP
  
  384:Arc/x+o/yXVYRYhHyQrmbPi3a5HymU1W/7b:Aop14uq5bsHxU4X
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/google/login.html
- Size
  
  80KB
- MD5
  
  3ef789263e6a75cdc13166386ecebbb3
- SHA1
  
  24dc10d9381d31f83a807cd9a37547c50285e99e
- SHA256
  
  5e368070a41124048a88accb87b8576e5f32676d6cc6057748e2ba6e5774ed81
- SHA512
  
  ceb6ab6021f107ccd0d93bc67589f8ee0604130022fc2d87391f1487797745e28eb777cef03bbe8d2a42cbd320883420e524320ebbd4d225eab5fbf6badeb1f7
- SSDEEP
  
  1536:MmMAXA6ILKIHkVBV7p1jLnt28lM3onCFzB/OGYdOf+Z+lkQC6Ujkm:1XA6Oj8qYY2GYoRUjkm
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login.html
- Size
  
  9KB
- MD5
  
  85d9b45e1ee92f2fcb04f6573488e703
- SHA1
  
  a650a2a2be2c7ca90018c230cf87d5791398e75b
- SHA256
  
  433f55b5590629be5c2195a61b2287ae6a82d0905b2bfc6ea6b15745a69876a8
- SHA512
  
  94ded12053c35731373e2f8568c124ebcad7514691cb411cc87b5e8c1e0024fe8e3760c50730297b242230a9ccace0264ee9ec7a705693be265138aa5ce7bed2
- SSDEEP
  
  96:jzi/3N+/pnnG2/wM1R84yULnaUyo1cl1v8lsNZQfehiUOdRgDkaaTlM4XgLAA:/i/3KFGGb8RUervnQfeYDdBdXgcA
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/analytics.js
- Size
  
  34KB
- MD5
  
  64615acd5da6e5acbd0a54b34174aefe
- SHA1
  
  8db13cf86fa09d44b60d8e3e480da1646631b00e
- SHA256
  
  3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
- SHA512
  
  e77057008fc0a3b8380e9f8daf79bb521daa5ea545e9ddb01de8fd38f70e30c224fd8018c349ec8f32aa9cec7470f204378a70db59ef3eb09807016e84431146
- SSDEEP
  
  768:/WHs6JqTUgS9iVUcSgogRe+dV1UKlcLC+Wz1PgvfT6GWs1Zy:OHlq/SHgjRew1UKlQFfeGWsi
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/bootstrap.js
- Size
  
  36KB
- MD5
  
  9ff12f8df35065e7221c5da316c773ee
- SHA1
  
  ea5e64b9fa979880306f24e0d0695303e1c2648b
- SHA256
  
  3c4ac435c16ba54e851a53ed658734c69795551abe2015513e3219638763cca4
- SHA512
  
  7201adfc0fd6eb267c4efe96860dcb36c7959f643b6f1db7e1bf3bfb93654c985695cfa1461b90ec790b146bc5f357ff66336a53201175031edbc1ab934db76f
- SSDEEP
  
  768:piQwiPImSq6I0PZXN8SX2mVhyjSfsGnjoOiA6zl:i0N9G7iA65
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery.js
- Size
  
  2KB
- MD5
  
  d012fbbcb76e4ceec0352b9fe473e4fd
- SHA1
  
  5d4911bc2ffee1bbf7a2bfda3dc68d082210aa78
- SHA256
  
  2e8504f05b5908a7ca54a7f94be9a4ac3efa338fefa1614708e8defeb668174c
- SHA512
  
  088de45258f6082e1651cc90368788087b26b7b8d9195cb165b3896fa539e35a99584c8381017ddb242e24785775975ef74019c2918fdb7d68f7b22c305eaf72
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_002.js
- Size
  
  84KB
- MD5
  
  493592e649eacf132e363aeaf1dad71d
- SHA1
  
  184374955dffdddb8f0da6c7b37e71996be016a2
- SHA256
  
  35426acd5d1017ffd0d43b95037e67e32a3dbc37f9d2977d29590ef066a40fea
- SHA512
  
  3f1c56f7b3806d70ae45fc9885b0a0a3595bc0acef52950a1e869a98c9d97b6d3966a76287284ea0e36a6b50582733ca4e5380112a2baa2302d2e48eab041b5f
- SSDEEP
  
  1536:M2EKyjDjdCiCZZoOOhqJL+4tr7ZxdnuId3fcJ/BDgLgNE4nC8BGm6cI7dAcXJxtF:kXlhqm9tN1nGm9gAc7t5ki
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_003.js
- Size
  
  2KB
- MD5
  
  45103ba8183745c921070d9cdccc0f6c
- SHA1
  
  65e1bad3c9001c11e0251ad621da8681afcef10a
- SHA256
  
  a78070acdbcd1310a1d80834fe25fc51174a005c4a89405b2b043b60f1a54c52
- SHA512
  
  57f74b95bee8d8203baf528f710c920733ff0f33c0b58198c3367494c32925b4d84f35a5dfe933366eb94b124a0eed9cc5b3fd90a089705ec6999199638a4d28
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_004.js
- Size
  
  84KB
- MD5
  
  e071abda8fe61194711cfc2ab99fe104
- SHA1
  
  f647a6d37dc4ca055ced3cf64bbc1f490070acba
- SHA256
  
  85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
- SHA512
  
  53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65
- SSDEEP
  
  1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  PlutoReaper/PlutoReaperV2/PROGRAMS/PHISHING/instafollowers/login_files/jquery_005.js
- Size
  
  1KB
- MD5
  
  5a21f990be25aba8635ba0584aa0c80c
- SHA1
  
  fae30cfb15aae42364cf7d2101f9ca027f7a0d7b
- SHA256
  
  be2a1ed5e89385f6854cc07c64d33f00b2234d4b17f614f2cc06cb2e984ea82f
- SHA512
  
  63010b262e87ca005660c4b64222950ae49a50bf4e3ee04988cc747a1bb9febe5dcd5e30029fdbd09df890655c42e3e99096b2c01f4c3b8a7728e751282fd256
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32