blankgrabber | d3898ae65c5d7001787eeb212b79f3d7b83c0e31756a77f87bf64eb09cab0736

General

Target

Virus1.zip
Size

7.5MB
Sample

250413-1jsfbst1gv
MD5

5376876aa4d3058a900ad914693f8e73
SHA1

d80d62d5872241ac2dadc3191fe6c1676a90b501
SHA256

d3898ae65c5d7001787eeb212b79f3d7b83c0e31756a77f87bf64eb09cab0736
SHA512

967c920812fbf9b5a281862cfa5bfc2b57ce6b44db53c53d0c7117ed533bfffeb9fe10f3bdd7513ee220ba48241c3c880fb23b0ab4a8598015a05118c20c1503
SSDEEP

196608:4GEYEPFwdUM93zw1BrcNhnZWwHqq5GOs9dXX8htEn8FAkn6Brs:aP4UM9jw1Be3GOs7XX8DUBrs

Score

10^/10

Malware Config

Targets

- Target
  
  Virus1/Virus1/420-feather.exe
- Size
  
  10.0MB
- MD5
  
  abbde939de0a4ddb19318a6d962c5838
- SHA1
  
  21237ccf82d331abeaae44bfb63c2699182eacb2
- SHA256
  
  395cce2e85f22e508e34e04e78ae810eae210a4f7a734421363cc6789a65468c
- SHA512
  
  4dffdeb7c0658e31c65514568cef8da297bb6128479db888f1b2bb448b5f35814655a4afc10b4b6ed8920b7edf4efa0db8e7454b5cfd5e4b55991a6a8aba360f
- SSDEEP
  
  196608:BWk06CxOykwfI9jUCD6rlaZLH7qRGrGIYUoKy8FUsOnAOJ:kbIH20drLYRKjOJ
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Virus1/Virus1/feather.bat
- Size
  
  37B
- MD5
  
  3a7de8be0cc23a8c30c87df96fa0f642
- SHA1
  
  61472ac4a26bbb15d82af3d05fc83f3b40ce5cd4
- SHA256
  
  17042e97c53403f79ddca5d7da8289e48664c399094ac0bc4989494bdd834a60
- SHA512
  
  9e219a330ac972f2e37af1f6a6484b7095caad8dbb344033b8f9f08d640d7c63c7af636187d131bc030f7ff14b9267fbd5af55a292fb452ee9768ffff0ab9c41
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2