blankgrabber | e9b75e4351e9bfcaef1df3822dc94fdc588dd2a95074d9d5044a058ae869273a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Opium.exe

windows11-21h2-x64

8

Sharing

General

Target

Fnn5Ap3.rar
Size

6.2MB
Sample

240416-wcyljsge39
MD5

c3c9adff3d8341f8fa0f58413bacc287
SHA1

2276279cf3e153d68541e71b283e383307bdb200
SHA256

e9b75e4351e9bfcaef1df3822dc94fdc588dd2a95074d9d5044a058ae869273a
SHA512

5f5ab50c9f0b7971196856c696803ad33419f18d4cd889347d6dc4f141c4e6f2c27384e8e1531bd7413ff6ee6b28a9c9ebfad3551f0976174780c6b3d6a83bd0
SSDEEP

196608:9F2Je5UY0zDzb3lC5c5ErXFEhv9Okjw8cyAtzli:PceKhzb1C5c5EyhvnUFyOzli

Score

10^/10

blankgrabber spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Opium.exe

Resource

win11-20240412-en

spyware stealer upx

windows11-21h2-x64

21 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Opium.exe
- Size
  
  6.3MB
- MD5
  
  51a4b92d3d474b74c99f9bf8006adcf8
- SHA1
  
  876c3445e81651d207beedcdbc42384b7c6579f5
- SHA256
  
  25f1cc14c6f92b5300f016dbd6fae84ccd5e8c95cada73463b3b4963fcf12f16
- SHA512
  
  7aec357d2b1ed372f193ebed8a3dde3ece67d7ca76036c0a00c74141ea15a8dac4d6c1a34a9cc039110e993c6b4fbc11d85a251a69224752620badbe0a340778
- SSDEEP
  
  98304:CQ91G75YthUySccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1SX:F45e6ySraRRnz+R8zmPf1D7JX
Score

8^/10

spyware stealer upx
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

© 2018-2025

Terms | Privacy