blankgrabber | FlugerClientLauncher[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FlugerClientLauncher.exe
Size

15.0MB
MD5

18485d3d5af7ae8564f3ffbeb7150b79
SHA1

e5941d3890e1dbecf8113b68420bea6fad21aea0
SHA256

e9422e6b37c0f077cdfc6ed1cfe3e9c7836ae452ebfbf2c78ae932931d77f904
SHA512

ddf063b54e5128003dddfcc5c74d9f0c310bef1d68a759d163dbbd1c7d77847f36c05c0fba10018d67bc0509cac9beecd4c04720e97d36be3015f84155849bc8
SSDEEP

196608:xrM40cDeqmLjv+bhqNVoBKUh8mz4Iv9Plu1D7As:OieqaL+9qz8/b4IzuRAs

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/�̅w.pyc	blankgrabber

Blankgrabber family
blankgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FlugerClientLauncher.exe

Files

FlugerClientLauncher.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�̅w.pyc