Overview

overview

10

Static

static

grabbot_0....ir.exe

windows7_x64

7

grabbot_0....ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    grabbot_0.1.6.4.vir

  • Size

    380KB

  • Sample

    200719-zt53svcz6x

  • MD5

    33d2c3155d673293e9de6c7392b44a7d

  • SHA1

    f86cdd91174265345c013fefac1a260d3de85c23

  • SHA256

    121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6

  • SHA512

    a0d1ec810a73ef997ceba6d4c85280dc650636b6e6439f7eaa53aebfe1605962e3682a3760ccd334724089538d88f6b085019c45381899985d058b725b941a92

Score
10/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      grabbot_0.1.6.4.vir

    • Size

      380KB

    • MD5

      33d2c3155d673293e9de6c7392b44a7d

    • SHA1

      f86cdd91174265345c013fefac1a260d3de85c23

    • SHA256

      121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6

    • SHA512

      a0d1ec810a73ef997ceba6d4c85280dc650636b6e6439f7eaa53aebfe1605962e3682a3760ccd334724089538d88f6b085019c45381899985d058b725b941a92

    Score
    10/10
    persistencespywareevasiontrojan

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks