blankgrabber | f0bfd5bfc3e9d83e26445d8b370be79bc0efd31b086a76a4c9496f69a186f538 | Triage

Submit
Reports

Overview

overview

Static

static

MEXIS-BETA1.5.rar

windows7-x64

1

MEXIS-BETA1.5.rar

windows10-2004-x64

3

LunarBETA1...se.exe

windows7-x64

7

LunarBETA1...se.exe

windows10-2004-x64

8

Sharing

General

Target

MEXIS-BETA1.5.rar
Size

8.9MB
Sample

240707-d6re8asgkp
MD5

dc1ef8a006b8729112c19e7a60fd78e5
SHA1

a404a8f2c16a2b3e2e3b743eaf5672119062ab5e
SHA256

f0bfd5bfc3e9d83e26445d8b370be79bc0efd31b086a76a4c9496f69a186f538
SHA512

498172929a094ba6995194308e4daa1e4b4654f4f066ec6304e3b36c61649cc3fd1d1726a68ebbeebacfe3b47dd3a8bef447267c38825229697d75fcc56a399b
SSDEEP

196608:pP+ILWArnKy1bVM18LZYp8g1AFbCLFJdE9duvqUvjQtRu9Rqo:1+ILfnKyJVMQKKCD6XujTn

Score

10^/10

blankgrabber execution spyware stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

MEXIS-BETA1.5.rar

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

MEXIS-BETA1.5.rar

Resource

win10v2004-20240704-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

LunarBETA1.5/LunarBETA1.5/release.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

LunarBETA1.5/LunarBETA1.5/release.exe

Resource

win10v2004-20240704-en

execution spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  MEXIS-BETA1.5.rar
- Size
  
  8.9MB
- MD5
  
  dc1ef8a006b8729112c19e7a60fd78e5
- SHA1
  
  a404a8f2c16a2b3e2e3b743eaf5672119062ab5e
- SHA256
  
  f0bfd5bfc3e9d83e26445d8b370be79bc0efd31b086a76a4c9496f69a186f538
- SHA512
  
  498172929a094ba6995194308e4daa1e4b4654f4f066ec6304e3b36c61649cc3fd1d1726a68ebbeebacfe3b47dd3a8bef447267c38825229697d75fcc56a399b
- SSDEEP
  
  196608:pP+ILWArnKy1bVM18LZYp8g1AFbCLFJdE9duvqUvjQtRu9Rqo:1+ILfnKyJVMQKKCD6XujTn
Score

3^/10
behavioral1 behavioral2
- Target
  
  LunarBETA1.5/LunarBETA1.5/release.exe
- Size
  
  5.9MB
- MD5
  
  aa88a436350a9608d7a16a3e9924cbf2
- SHA1
  
  78b61c04d5693d7f020511a343e76c86e1d1de23
- SHA256
  
  23ae789d9169bf3c03aa4f4d74170cd64bd5c102976b2080034fb1b126790dd8
- SHA512
  
  e345882eb1d354a5076b51cbb0890293286e8d4feba3b289f76e050b774db774c6bdec81bdb19ab10292084cd6493f1fed6965a50cd99c943bc41896bb8ec982
- SSDEEP
  
  98304:ErXOmoDUN43WladjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aZnMw:ErXOumWMOjmFwDRxtYSHdK34kdai7bNs
Score

8^/10

upx execution spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

executionspywarestealerupx

© 2018-2024

Terms | Privacy