blankgrabber | 1d18d68cd0cbeda055a3de3f2d43e2e47f588089bfed7c127c722287a1ba90cf

General

Target

Built.exe
Size

6.6MB
Sample

250326-wbc88azves
MD5

a527d0e58b2fb74ae7361c236f70ea77
SHA1

d9c77e936dd99dbec4ac9ba7d5dde3823fa7f17b
SHA256

1d18d68cd0cbeda055a3de3f2d43e2e47f588089bfed7c127c722287a1ba90cf
SHA512

999f4961584c10cd091654ce651dac354674319ebfa60a85b7596920355b506ad1a72dc02b836bcb4df4d16a8c35e980bbcfb53d9ef71468f79d6fb8dcab1d40
SSDEEP

196608:3Ww1j2DDOYjJlpZstQoS9Hf12VKXMSEwbRC8VL84:WDBpGt7G/MyLbpI4

Score

10^/10

Malware Config

Targets

- Target
  
  Built.exe
- Size
  
  6.6MB
- MD5
  
  a527d0e58b2fb74ae7361c236f70ea77
- SHA1
  
  d9c77e936dd99dbec4ac9ba7d5dde3823fa7f17b
- SHA256
  
  1d18d68cd0cbeda055a3de3f2d43e2e47f588089bfed7c127c722287a1ba90cf
- SHA512
  
  999f4961584c10cd091654ce651dac354674319ebfa60a85b7596920355b506ad1a72dc02b836bcb4df4d16a8c35e980bbcfb53d9ef71468f79d6fb8dcab1d40
- SSDEEP
  
  196608:3Ww1j2DDOYjJlpZstQoS9Hf12VKXMSEwbRC8VL84:WDBpGt7G/MyLbpI4
Score

10^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  GR�>�.pyc
- Size
  
  857B
- MD5
  
  490535ecf0f8e36f098cf495bbd433ea
- SHA1
  
  6c7f4ef3e4d18f213b083154ca8dcd0709dee75e
- SHA256
  
  919c17a6b0c928c1b63443f578838729712e527656f0529f7fb795989c2cab00
- SHA512
  
  9002a6ad5b529562ba94b9760c285f1ee3cb18f1fad0517e7fe2f12847453015e771d996ed6668e0e60f10c7cb5717b05007eea9954e67f093c511e9004e82ec
Score

1^/10
behavioral2