blankgrabber | 9e34b9a14817f6285298052f8d29a454cd770c70f52b617f86196f90cdca436f

General

Target

DSMP-Duper.exe
Size

7.6MB
Sample

250415-1mnljs1ls5
MD5

c83c2c53a06ae5c2afbf349d82a2b528
SHA1

46731510519aace4b0e618aabdb764a131d799ee
SHA256

9e34b9a14817f6285298052f8d29a454cd770c70f52b617f86196f90cdca436f
SHA512

d2f9b5053a5e9e8bf3c8acb5dd831239c59600d7b924cf85fc54516cede30191a4e04f2414645da943b3b532994f17b31cda90c2a818383b09f0fac938027446
SSDEEP

196608:0WhDbHnwfI9jUCBB7m+mKOY7rXrZusoWDmhfvsbnTNkY:z3MIHL7HmBYXrYWaUNl

Score

10^/10

Malware Config

Targets

- Target
  
  DSMP-Duper.exe
- Size
  
  7.6MB
- MD5
  
  c83c2c53a06ae5c2afbf349d82a2b528
- SHA1
  
  46731510519aace4b0e618aabdb764a131d799ee
- SHA256
  
  9e34b9a14817f6285298052f8d29a454cd770c70f52b617f86196f90cdca436f
- SHA512
  
  d2f9b5053a5e9e8bf3c8acb5dd831239c59600d7b924cf85fc54516cede30191a4e04f2414645da943b3b532994f17b31cda90c2a818383b09f0fac938027446
- SSDEEP
  
  196608:0WhDbHnwfI9jUCBB7m+mKOY7rXrZusoWDmhfvsbnTNkY:z3MIHL7HmBYXrYWaUNl
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  eqb��!�.pyc
- Size
  
  1KB
- MD5
  
  711d3aa783a54665a4a4ffc1761f753a
- SHA1
  
  e6e1c10ad727b37239f328760fd6fe02da9aa5ba
- SHA256
  
  8b335811efb1582f145ff6d52bbcd71ff9e93b075b4e1de6ff168fc36098845d
- SHA512
  
  cc9ce478a94afa47da78068725282dd9f67f7bfe5596cb97ba86fbc87d5a750cfb04efb65a59e56054eaca83322d44b1bedd9516f9afab2470906f7eefe9a8b4
Score

1^/10
behavioral3 behavioral4