blankgrabber | b392615e4ed0b6b2115a488494bdbae407a065c61747a27f8fa014f1cfdf5d62

General

Target

TZ crack.exe
Size

6.1MB
Sample

250415-v2rzmavtgy
MD5

23f797a105666948bf4bddad600d0550
SHA1

22d7df6c24e5e1f4670a74a827019148e4f88cdd
SHA256

b392615e4ed0b6b2115a488494bdbae407a065c61747a27f8fa014f1cfdf5d62
SHA512

5514b35033ffef9d1470113ee3bac19bd906fcdb1695ef58ace13448fcee9f91c9a1d435a86d9626c714e9c4b25a4fbcb2d10b0a516d6b17c31219a73dfe8168
SSDEEP

196608:uWqF7K0veN/FJMIDJf0gsAGK4RPnAK+gcPTZ:sK0s/Fqyf0gstPAKs

Score

10^/10

Malware Config

Targets

- Target
  
  TZ crack.exe
- Size
  
  6.1MB
- MD5
  
  23f797a105666948bf4bddad600d0550
- SHA1
  
  22d7df6c24e5e1f4670a74a827019148e4f88cdd
- SHA256
  
  b392615e4ed0b6b2115a488494bdbae407a065c61747a27f8fa014f1cfdf5d62
- SHA512
  
  5514b35033ffef9d1470113ee3bac19bd906fcdb1695ef58ace13448fcee9f91c9a1d435a86d9626c714e9c4b25a4fbcb2d10b0a516d6b17c31219a73dfe8168
- SSDEEP
  
  196608:uWqF7K0veN/FJMIDJf0gsAGK4RPnAK+gcPTZ:sK0s/Fqyf0gstPAKs
Score

8^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Enumerates processes with tasklist
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  ܑ��.pyc
- Size
  
  857B
- MD5
  
  beb51bc42dc0db2113f6088978a12858
- SHA1
  
  5c867e0b60110bcc4e3733b50a16bf7f75598d78
- SHA256
  
  d4462f509f076d81f13dbf19a5b1bb030702bf8750d00e5eb945401250f7980b
- SHA512
  
  8513a800cca90fd05ac078e5c0734c51c02092c57038f84105480d32127ea17add2cf1dafa72bd2af54157f083d87e25420761c96901f3c4c1b0e78b96c05bab
Score

1^/10
behavioral3 behavioral4