blankgrabber | 0cb58ebadb7f82f2752f73b5c92ad6e89c924c5ff6564842f602bdec7ed45376 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Bloxstrap-...IX.exe

windows11-21h2-x64

8

Sharing

General

Target

Bloxstrap-v2.5.4FIX.rar
Size

7.3MB
Sample

240509-fhp9csbg5z
MD5

d6723c65d9773aabbc1819e6afeeae22
SHA1

a08e516c27e121cebe709242feffa97d0ccb7da5
SHA256

0cb58ebadb7f82f2752f73b5c92ad6e89c924c5ff6564842f602bdec7ed45376
SHA512

113234c73818416aef9fc15b2d2eacb196493581413b0beffed0cb4b00b3f11447afda0849067eb984e9f038378d76a8f89be59b7d3dad55df0742b4a25d0916
SSDEEP

196608:yzMydRPL/cRRwQneytlTwTcDX5cy6Hqy4Wvo/C6Au65W1782:xUxITwwwTQJv6Hzdo/CV5Wg2

Score

10^/10

blankgrabber execution spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Bloxstrap-v2.5.4FIX.exe

Resource

win11-20240426-en

execution spyware stealer upx

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bloxstrap-v2.5.4FIX.exe
- Size
  
  7.4MB
- MD5
  
  5e9c4eb16c28e568256d11edd9699e6a
- SHA1
  
  3a9f895f172c5d64ab0fe979aa2c7b85dcfa2d35
- SHA256
  
  bc392d39cf812f3635484f81a8d93c3fa09e8584b71385b46832fe2463c783e4
- SHA512
  
  688ce9cf33201988355086c986faa3a93a8b4b6219517bf59329941e1cb7c5a754a611c56e50da7f44dadcab6d94acefb884853fe2fb336e24c192f13a3a28cb
- SSDEEP
  
  196608:wroAP9V3wurErvI9pWjgfPvzm6gsFEB4Au:Ol1wurEUWjC3zDb84Au
Score

8^/10

execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

executionspywarestealerupx

© 2018-2025

Terms | Privacy