Overview

overview

7

Static

static

grabbot_0....ir.exe

windows7_x64

7

grabbot_0....ir.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    grabbot_0.1.5.2.vir

  • Size

    340KB

  • Sample

    200719-e8xp75vr1j

  • MD5

    d02f1ff60b9dc441a5fabf9057ba4560

  • SHA1

    dc2ea1f7c1b6b5ea6998bcc6f0db745a5531bc43

  • SHA256

    42037b4a472ddd39a76b92eb5eadddf373bfffe0d9166996ae6224a0363bc9d3

  • SHA512

    4c5f049c5c69580053b7eeb970e5cc976f1f55ebc37890176480a68f6e375fdaee05a5398a1ac5a950eae93318c1a08dda16b5aa3c66364066c422e5c272fef5

Score
7/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      grabbot_0.1.5.2.vir

    • Size

      340KB

    • MD5

      d02f1ff60b9dc441a5fabf9057ba4560

    • SHA1

      dc2ea1f7c1b6b5ea6998bcc6f0db745a5531bc43

    • SHA256

      42037b4a472ddd39a76b92eb5eadddf373bfffe0d9166996ae6224a0363bc9d3

    • SHA512

      4c5f049c5c69580053b7eeb970e5cc976f1f55ebc37890176480a68f6e375fdaee05a5398a1ac5a950eae93318c1a08dda16b5aa3c66364066c422e5c272fef5

    Score
    7/10
    spywareevasiontrojanpersistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks