General
-
Target
Setup.exe
-
Size
45.0MB
-
MD5
11dd955753e805d97884977784e8a95e
-
SHA1
7fe60feea1337b2eea5032f12eea4edd048a8bd3
-
SHA256
9be0c2f2b682b7229faec18c7540eafacecaaecc262d03c499cc97d23c41cfef
-
SHA512
5caea776acbe1adf204cac551f7b67706648ba96dd8a8f86629b48b8cb56107c86e8c22f44ad77d853e01a613a5b6d15e326e353d99335bf1f6dcfc4f71a8779
-
SSDEEP
98304:UTbEtdFByhyCamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RRBMyY3BDD:UTSFMg7eN/FJMIDJf0gsAGK4RRuyWD
Malware Config
Signatures
-
A stealer written in Python and packaged with Pyinstaller 1 IoCs
resource yara_rule static1/unpack001/�vK�F��.pyc blankgrabber -
Blankgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Setup.exe
Files
-
Setup.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
�vK�F��.pyc