blankgrabber | 148676520caaf0baf3e9613465facd01a6f57ed386f3bad87931d8d3329117e4

Sharing

General

Target

Advanced-IP-Scanner.zip
Size

29.2MB
Sample

250415-1zr5haxtfw
MD5

ff050b2a55572a51021b21bdd3d65555
SHA1

11360f099c7574c5ad35981b49b5c2d4dccf90c8
SHA256

148676520caaf0baf3e9613465facd01a6f57ed386f3bad87931d8d3329117e4
SHA512

925ac1934ec0a7a8be2f31fd19103dd84c856edaddc5870eabdd71a1dd9342bc2e936b90497789165bf40f88b8415bfdfaf35efc1bfe334fb0b818305c754673
SSDEEP

786432:97Th9mT97S7CzNwWCJK05IRTX+FTSy/pWWS:9R987S+pwW+NF93S

Score

10^/10

Malware Config

Targets

- Target
  
  Advanced-IP-Scanner/Advenced-IP-Scanner.exe
- Size
  
  7.1MB
- MD5
  
  4c790fb3ad130db359121ed3123daa18
- SHA1
  
  81e972e6e407e7da174df70e36448df2cea99808
- SHA256
  
  0d7eb95086e65e874e61aa201dcf0601b4d97421cd733c846169112ad11f1a96
- SHA512
  
  9540c3ee946a5cca6127cc8edc9b8062cb7faa1938152f86df5d0a840de0e68b9974c1ba88529f2a5b8ce48fc1a9c6857caebf273a9a3afcba4a9ce9b72a287e
- SSDEEP
  
  196608:QWC0WwpreNTfm/pf+xk4dWRimrbW3jmyd:BSy/pWu4kRimrbmye
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  Advanced-IP-Scanner/lib32.dll
- Size
  
  275KB
- MD5
  
  b9352fa2d673bf124116ba9e5639956e
- SHA1
  
  f511f3b653fc0a7a3e49d1cc58c21c9a53fcf79b
- SHA256
  
  58a0b8c13f085a3181fecc5d97cdfe5e35892af6b4b31d79657fc88512bb520d
- SHA512
  
  eea7bd7ff2023e2239b6d5a5ba96d4ecdab4217ecdd6f7403947aa09b1dd54db533bde3b8ef2256cdb720086754c716842bf98810c135b4d72f281dfe5dd48df
- SSDEEP
  
  6144:1PXVt3l07qcbU0ddapOpVXMpUvRz1Kxudx:FFt3lQbU05pm2z1KxY
Score

6^/10

discovery
- Drops desktop.ini file(s)
behavioral3 behavioral4
- Target
  
  Advanced-IP-Scanner/libEGL32.dll
- Size
  
  20.1MB
- MD5
  
  5537c708edb9a2c21f88e34e8a0f1744
- SHA1
  
  86233a285363c2a6863bf642deab7e20f062b8eb
- SHA256
  
  26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b
- SHA512
  
  35f44c0df4635a1020f52743d7cf3e4346d1bdf9010161326e572250ac93e0285b202532a07d2db8dbc67f6f0ced864083769e904bd5d82611244339ca8d31a1
- SSDEEP
  
  393216:Plu7Txs0NDmNh9D4HaSYz2Kj0Cz1gEVmWdQOjM/y3tFfs5IRRViGmMQZ+Bw5i:A7Th9mT97S7CzNwWCJK05IRTX+Fi
Score

4^/10

discovery
behavioral5 behavioral6
- Target
  
  Advanced-IP-Scanner/qipcap64.lib
- Size
  
  1.8MB
- MD5
  
  26f56121184843056f1d6e6db3f9844b
- SHA1
  
  f8d6c767cab3be5e55608cc5abd30a4c383759e9
- SHA256
  
  3ad26e1c16b6f49c6136c0c1c02c5943437349a310a6bcc5a8a0f4924a6f4ae4
- SHA512
  
  13a0898a6780f474ab4ffe8e46ca0227f03f2c4d26daaf4b61862eb7374a65d887b96a8672f21247e7f3aac4c49cce77521dd1564983b52f8716219aff894b9d
- SSDEEP
  
  24576:2m3hIqxIdAtLA0Q9xtPUf0ZOxGI3ffWgR5vuv54Jdhx76g:2gWaW9xthIXWgR5vuv54Jdhx7n
Score

3^/10

discovery
behavioral7 behavioral8