blankgrabber | ece75ede2d7c8d37b4a14345e6a8dd303adc4e9457330e1be269e12f3e224be6

General

Target

skeet.exe
Size

7.7MB
Sample

240706-rhbazsseqa
MD5

09acf9fd277ddfa74441e03e40d7d1cf
SHA1

d730168ae5ae8b8350e0b13b131a8efc1faea782
SHA256

ece75ede2d7c8d37b4a14345e6a8dd303adc4e9457330e1be269e12f3e224be6
SHA512

13956a912884bfc0c9648cd18d0c29ca1dc7dbfff300900d76f694916c58a8732d18bd0e05a7452b29559033a36488a221bbcbb2c16d6e16d509ebc91674d249
SSDEEP

196608:gz01qeNTfm/pf+xk4dNSESRatrbWOjgK4:Dy/pWu4m5RatrbvMK4

Score

10^/10

Malware Config

Targets

- Target
  
  skeet.exe
- Size
  
  7.7MB
- MD5
  
  09acf9fd277ddfa74441e03e40d7d1cf
- SHA1
  
  d730168ae5ae8b8350e0b13b131a8efc1faea782
- SHA256
  
  ece75ede2d7c8d37b4a14345e6a8dd303adc4e9457330e1be269e12f3e224be6
- SHA512
  
  13956a912884bfc0c9648cd18d0c29ca1dc7dbfff300900d76f694916c58a8732d18bd0e05a7452b29559033a36488a221bbcbb2c16d6e16d509ebc91674d249
- SSDEEP
  
  196608:gz01qeNTfm/pf+xk4dNSESRatrbWOjgK4:Dy/pWu4m5RatrbvMK4
Score

8^/10

upx execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  ��H�.pyc
- Size
  
  1KB
- MD5
  
  be4d47fed5755f7b893a13a7230dd2fa
- SHA1
  
  5d780bb0b88495d7cc5f574d88f71e14b0ac3f71
- SHA256
  
  63aa685e36a3ef7d0a89d916aba88c4ca0485f2e6eaa164e9a3889da2930a80b
- SHA512
  
  f1e893b715d9048b66633430170eded7484131dcc92824598af6943b2ab10f4c7642b2fa18247d76365a45efdaf3cc2fda9fa18e3926f01711ff8390e3feac9b
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4