blankgrabber | 0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

API.exe

windows10-1703-x64

Sharing

General

Target

API.exe
Size

6.6MB
Sample

240421-y9zwzsbd3s
MD5

07fcda5e8c88548ab30e7a26b0304d8a
SHA1

b6abf49f34ab1465cd6f671b2148e5ddcaa2f152
SHA256

0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458
SHA512

cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92
SSDEEP

196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj

Score

10^/10

blankgrabber evasion spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

API.exe

Resource

win10-20240404-en

evasion spyware stealer upx

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  API.exe
- Size
  
  6.6MB
- MD5
  
  07fcda5e8c88548ab30e7a26b0304d8a
- SHA1
  
  b6abf49f34ab1465cd6f671b2148e5ddcaa2f152
- SHA256
  
  0c89c0d06ecfe89860ff6defd3e22a0b707b253f2f23f80192b3b3b9a1b28458
- SHA512
  
  cd6cb17854b0e47efb7325f22d119976a1a6fefd968e601ad0869c2467fc83f395bac237536d009aa8aac5fa22a594c711c05498019436f3503a6e7d90680b92
- SSDEEP
  
  196608:Yry7bJ7hEDOYjJlpZstQoS9Hf12VKXPXC9b8CuVj:5lEBpGt7G/Moy9bkj
Score

10^/10

evasion spyware stealer upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealerupx

© 2018-2025

Terms | Privacy