blankgrabber | af617aad219ab9c412b27f3aed7055d5659b180981c58d02879d085de11d5cfb

General

Target

Vyper.bat
Size

9.0MB
Sample

250324-vjabvswp16
MD5

a8f636f66cba9fd37584111ca54c7290
SHA1

6512184b91f0195e59135fb3ce8d8dc42daaaccb
SHA256

af617aad219ab9c412b27f3aed7055d5659b180981c58d02879d085de11d5cfb
SHA512

c906b803d2d6e875f06dae0545535141ecd14b9a2c5ac1a4737323e1b5d1606ec4fc6b9f1d30d7a13c43e45d0671bc4f13055bf9f537ae2b2527ba8faf054da0
SSDEEP

196608:jWg06CwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoD:1IH20drLYRZjoD

Score

10^/10

Malware Config

Targets

- Target
  
  Vyper.bat
- Size
  
  9.0MB
- MD5
  
  a8f636f66cba9fd37584111ca54c7290
- SHA1
  
  6512184b91f0195e59135fb3ce8d8dc42daaaccb
- SHA256
  
  af617aad219ab9c412b27f3aed7055d5659b180981c58d02879d085de11d5cfb
- SHA512
  
  c906b803d2d6e875f06dae0545535141ecd14b9a2c5ac1a4737323e1b5d1606ec4fc6b9f1d30d7a13c43e45d0671bc4f13055bf9f537ae2b2527ba8faf054da0
- SSDEEP
  
  196608:jWg06CwfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoD:1IH20drLYRZjoD
Score

10^/10

defense_evasion discovery execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

3

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2