blankgrabber | dc21a9a0dad416681c8cd067469387090da078e6c38e9d75b4adb0098e786a52

Sharing

General

Target

Furta.rar
Size

9.1MB
Sample

250325-wpd3nstnt9
MD5

1d264bc259b0d604df96139c988d7784
SHA1

8309f899e6598180e68434189f0f0b1147f74b3b
SHA256

dc21a9a0dad416681c8cd067469387090da078e6c38e9d75b4adb0098e786a52
SHA512

771d6527ff8031f80073f40acd6373975206ca1360b2549d4fb886df34236c3dee033c1fbfb624372fd1e63c6ba8286ce8bdf42fbb32d4b51fce627d5cf9ca58
SSDEEP

196608:DafAXleSLVLTHTmMhJKbsX3WaExu2pGroPU2rxEBvCxCzJNKx8nf6:B0QLTzmJbE0GroPU2WGCzJe46

Score

10^/10

Malware Config

Targets

- Target
  
  FurtaHack.exe
- Size
  
  8.4MB
- MD5
  
  24ddd42a42530a1b483233b51bc494fd
- SHA1
  
  ea54da70ae75760c4fb86d53dd9ec5801f75b7c8
- SHA256
  
  0e969d32dedf958e3aa22245176c66529365cdf79ea2b4ffdf5e174b0dedb7d7
- SHA512
  
  0d97a3d8e3a187b9cd22c6e8a994ddb95028d8598fac7af86d23066eb43379cda549d2f2fb99ed55c9dc3c59f02b0839986c01c1c4fd0b9abbb012a46af7c56b
- SSDEEP
  
  196608:HWq067MNJhhhEwfI9jUCD6rlaZLH7qRGrGIYV9oZy8FUsOnAoX:zMNZh7IH20drLYVmZjoX
Score

8^/10

upx collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  OpenAL32.dll
- Size
  
  849KB
- MD5
  
  21e5da3d9e84546b7b803f09fdd082a7
- SHA1
  
  58269ee9c3a9fa2e5ff92d9a71c00213305b2357
- SHA256
  
  6c7aedeabf7dae8f130559b8db470b7c03080ed17d6004984073bb1e9b202e94
- SHA512
  
  991d2df9f635b548f623112a21a6518a6768a2ab37326b9a8f5b9b0c737849614794810766a8186cacccdac7868c081824167d233993586418d8173c2eeeb4df
- SSDEEP
  
  24576:dCbIWvjYAE5KvEdf6ORpuBuArgFpti33J:AIwjYAE5KsdfDCBuAWpti33
Score

1^/10
behavioral3 behavioral4
- Target
  
  lua51.dll
- Size
  
  503KB
- MD5
  
  64333a8fd053eeb8f59ea03812b59a1e
- SHA1
  
  6a5eb12118790d13d39d97b93836a8a16709839f
- SHA256
  
  d0039528d0c48acf9e4b93e39f929ecd8def2b08c429971b809d8751aae49fb2
- SHA512
  
  f1fd5d6115b2f94cca1c815d0288a6c7068857ca83199df4c7561190510159257ea09ffcf19b1615565d9b39ac7feeb150e9e1c341dd1e3de9d838d715055f27
- SSDEEP
  
  12288:gpfXORux/pn2GNUGMuh6G9Y+j2VnqXWER:gpfqux/pn5UGMI/Y+S1qXWER
Score

1^/10
behavioral5 behavioral6
- Target
  
  msvcp120.dll
- Size
  
  644KB
- MD5
  
  46060c35f697281bc5e7337aee3722b1
- SHA1
  
  d0164c041707f297a73abb9ea854111953e99cf1
- SHA256
  
  2abf0aab5a3c5ae9424b64e9d19d9d6d4aebc67814d7e92e4927b9798fef2848
- SHA512
  
  2cf2ed4d45c79a6e6cebfa3d332710a97f5cf0251dc194eec8c54ea0cb85762fd19822610021ccd6a6904e80afae1590a83af1fa45152f28ca56d862a3473f0a
- SSDEEP
  
  12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
Score

1^/10
behavioral7 behavioral8